Node WWN 100000c0dd 07e34e | Q-Logic 64 guide

3 – Planning Fabric Security

D

3.Create an ISL group (Group_ISL) in Security_Set_1 with Switch_2 as its member. Only Switch_2 need be a member because there is no authentication between the switches.

	ISL Group: Group_ISL

Switch_2	Node WWN: 10:00:00:c0:dd:07:e3:4e
	Authentication: None
	Binding: None

4.Configure security on HBA_1 using the appropriate management tool. Logins between the Switch_1 and HBA_1 will be challenged (CHAP) for their respective secrets. Therefore, the secrets for Switch_1 and HBA_1 that you configured on Switch_1 must also be configured on HBA_1.

5.Save Security_Set_1 and prepare to activate it. Activating a security set does not affect currently logged-in ports. Therefore, to apply the security policy that you designed in the security database, you must offline the secured ports, activate the security set, then place the secured ports back online.

3-14	59043-03 A

Image 54

Q-Logic 64 manual Node WWN 100000c0dd 07e34e

Contents

SANbox2-64 Fibre Channel Switch Installation Guide SANbox2-64 Fibre Channel Switch Installation Guide Document Revision History Table of Contents Devices Multiple Chassis Fabrics Section InstallationSection Planning Site Requirements Fabric Management Workstation Section Diagnostics/Troubleshooting Section Removal/Replacement Appendix a Specifications Appendix B Command Line Interface Command Syntax Zone Command Zoneset Command 101 Zoning Command 104 Glossary Index Tables Serial Port Pin IdentificationPage Introduction Intended Audience Related Materials Safety Notices Sicherheitshinweise Communications Statements Federal Communications Commission FCC Class a Statement CE Statement Vcci Class a Statement Bsmi Class a Statement Laser Safety Information Electrostatic Discharge Sensitivity Esds Precautions Accessible Parts Pièces AccessiblesZugängliche Teile General Public License Preamble 12.2 Introduction General Public License Introduction General Public License Introduction General Public License How to Apply These Terms to Your New Programs No Warranty Copyright C yyyy name of author Training Technical SupportAvailability Contact Information General Description SANbox2-64 64-Port Fibre Channel Switch Chassis Hardware Slot and Fibre Channel Port Numbering Maintenance Button Chassis Controls and LEDs Resetting a Switch Placing the Switch in Maintenance Mode Over Temperature LED Amber Chassis LEDsFan Fail LED Amber Input Power LED Green Heartbeat LED AmberFibre Channel Ports Port Status LED Small Form-Factor Pluggable SFP Transceivers Expansion Port Port ModesFabric Ports Ethernet Port Serial Port Ethernet Port Serial Port Pin Identification Pin Number Description Power Supply Modules Power Supply Components Fans 10. Fans Switch Management Planning Devices Single Switch Fabric with Initiators and Targets Dual Switch Fabric with Initiators and Targets Multiple Chassis Fabrics Domain ID, Principal Priority, and Domain ID Lock Common Topologies Performance Distance Port-to-Port Transmission Combinations BandwidthLatency Port-to-Port Latency Device Access Access Control List Hard Zones Soft Zones Virtual Private Fabric Hard Zones Fabric Security User Account Security Security Example Switches and HBAs Device Security Node WWN 100000c0dd07c34d Secret fedcba9876543210fedcba9876543210fedcba Node WWN 100000c0dd 07e34e Security Example Host Authentication Create a security set SecuritySet2 on Switch2 MS Group Group1 Fabric Services Fabric Management Planning Fabric Management 59043-03 a Fabric Management Workstation Switch Power RequirementsSite Requirements Management Workstation Requirements Installing a Switch Environmental Conditions Mount the Switch Avertissement Assembly, make sure that the operating temperature inside Locked prior to applying power to the switch„ If the switch is mounted in a closed or multi-unit rack Rack for service access and ventilation SANbox2-64 Rail Kit Install SFP Transceivers Connect the Switch to AC Power Avertissement Appendix a Specifications Connect the Management Workstation to the Switch Ethernet and Serial Cable Connections Ethernet Connection Serial Connection Install SANbox Manager Enter the following command at the Solaris prompt SANsurfer Management Suite Disk Windows Installation SANsurfer Management Suite Disk Linux Installation SANsurfer Management Suite Disk Solaris Installation Enter the following command SANbox2 Installation Disk Windows Installation SANbox2 Installation Disk Linux Installation SANbox2 Installation Disk Solaris InstallationConfigure the Switch Configure the Ports Cable Devices to the Switch Install Firmware Using SANbox Manager to Install Firmware Using the CLI to Install Firmware To start an admin session, enter the followingEnter the following command to install the new firmware Using FTP and the CLI to Install Firmware Close the FTP session Powering Down a Switch Post Diagnostics Heartbeat LED Blink PatternsNormal all pass Configuration File System Error Blink Pattern Maintenance Mode PatternFatal Error Blink Pattern To recreate the configuration file, do the following Ftp Ftp switchname Enter the following account name and password userimages Restore the configuration fileReset the switch and close the Telnet session Logging Error Port Status LED Indications EPort Isolation Excessive Port Errors Diagnostics/Troubleshooting Post Diagnostics Chassis Diagnostics Chassis and Power Supply LEDs Over Temperature LED is Illuminated Input Power LED Is ExtinguishedFan Fail LED is Illuminated Output Power LED Is Extinguished Power Supply Fault LED is Illuminated Recovering a Switch Maintenance Exit Maintenance Image Unpack Maintenance Copy Log Files Maintenance Reset Network ConfigMaintenance Reset Password File Maintenance Remove Switch Config Maintenance Show Firmware Versions Maintenance Set Active Image Diagnostics/Troubleshooting Recovering a Switch 59043-03 a Marginal Operating Configurations SFP Transceivers CPU Module Removing the CPU Module Removal/Replacement CPU Module Installing the CPU Module Removing the CPU Module Ftp put imagefile Removal/Replacement CPU Module Blades Choose the Replace task Choose the slot number 6 for example Disconnect all cables from the selected I/O blade To install a new I/O blade, enter y Removing an I/O Blade Removal/Replacement I/O Blades Cross-Connect Blades CC Blade Slots Removing a CC Blade Switch Cover Removal Installing a CC Blade Installing a CC Blade Avertissement Removing a Power Supply Module Removing a Power Supply Module Installing a Power Supply Module Removing a Fan Removing a Fan Installing a Fan Installing a Fan Fabric Specifications Maintainability Dimensions Electrical Environmental Regulatory Certifications Shortwave Laser SFP 1G/2G multi-mode Longwave Laser SFP 1G/2G single-mode Page Command Line Interface Logging On to a Switch Command Syntax Table B-1. Command-Line Completion Commands Table B-2. Commands Listed by Authority Level Syntax Admin CommandAuthority Keywords Alias Command Syntax alias Members alias Remove alias memberlistRename aliasold aliasnew Keywords activate config Config CommandSyntax config Edit config Command RestoreArchive function are not compatible with the Config Restore Save config # ftp symbolicname or ipaddress Date Command Syntax dateKeywords MMDDhhmmCCYY Fallback Command Fallback Keywords add group Group CommandSyntax group Table B-3. Group Member Attributes Edit group member Copy groupsource groupdestinationCreate group type Table B-4. Group Member Attributes Members group Following is an example of the Group Edit commandFollowing is an example of the Group List command Remove group members Following is an example of the Group Members command Hardreset Command HardresetPending firmware and disrupts traffic Syntax help command keyword Help CommandKeywords command Authority None Following is an example of the Help Set Beacon command History Command Authority None Syntax history Fabric is in the diagnostic operational state Hotreset CommandHotreset This command clears the event log and all counters Hotswap Command Hotswap To replace? 1,2,3,4,6,7,8,9 1 Image Image CommandCleanup Fetch accountname ipaddress filesource filedestination Lip Command Passwd accountname Passwd CommandChanges a user account’s password Accountname Ipaddress Ping CommandAuthority None Syntax Ping Keywords ipaddress Syntax Examples Ps CommandFollowing is an example of the Ps command Displays current system process information Quit Command Closes the Telnet sessionSyntax quit, exit, or logout Reset Command Config configname System SwitchTable B-5. Switch Configuration Defaults Zoning Table B-6. Port Configuration Defaults Mfstov Table B-7. Alarm Threshold Configuration Defaults Table B-8. Zoning Configuration Defaults Table B-9. Snmp Configuration Defaults Table B-10. System Configuration Defaults Table B-11. Security Configuration Defaults Clear Security CommandKeywords active Edit Limits Following is an example of the Security History commandHistory Save Following is an example of the Security Limits command Following is an example of the Security List command Securityset Command Remove securityset group Delete securitysetGroups securityset Rename securitysetold securitysetnew Set Command Syntax set Log option Setup optionSwitch state Pagebreak state Keywords blade slotnumber Set Config CommandTable B-12. Set Config Port Parameters Port portnumber Send Arbff True instead of IDLEs Table B-12. Set Config Port Parameters Table B-13. Security Configuration Parameters Table B-14. Set Config Switch Parameters Threshold Table B-15. Set Config Threshold Parameters Table B-16. Set Config Zoning Parameters Memory. Refer to FC-SW-2 Compliant Following is an example of the Set Config Port command Arbff Following is and example of the Set Config Security command Following is an example of the Set Config Switch command Following is an example of the Set Config Threshold command Following is an example of the Set Config Zoning command This Archive Set Log CommandSet log Component list Level level Port portlist Stops logging of events StartStop Level keyword to Info at the same time Set Port Command Set setup Set Setup CommandSnmp configuration and one system configuration Table B-17. Snmp Configuration Settings Table B-18. System Configuration Settings SANbox2 admin # set setup snmp Trap1Severity See Following is an example of the Set Setup System command SANbox2 admin # set setup system Keywords about Show CommandAlarm Blade Fdmi nodewwn Log optionNs option Perf option PagebreakPanel Table B-19. Show Port Parameters LIP Alpd Alps Post log Slot slotnumber Topology Steering domainidSupport Users Following is an example of the Show Chassis command Following is an example of the Show Domains command Following is an example of the Show Fabric commandFollowing is an example of the Show Panel command Following is an example of the Show Fdmi command Following is an example of the Show Fdmi WWN commandFollowing is an example of the Show NS local domain command Following is an example of the Show NS domainID command Following is an example of the Show NS portID commandFollowing is an example of the Show Interface command Following is an example of the Show Port command LIPF8F7 Following is an example of the Show Slot command Following is an example of the Show Switch command Following is an example of the Show Topology command Command Line Interface Show Command Following is an example of the Show Version command Show Config Command Show configBlade slotnumber Following is an example of the Show Config Switch command Following is an example of the Show Config Threshold command Following is an example of the Show Config Zoning command Show Log Command Keywords component Following is an example of the Show Log Options command Following is an example of the Show Log command Show Perf Command Errors portnumber Following is an example of the Show Perf Byte command Show Setup Command Show setupMfg Following is an example of the Show Setup Snmp command Following is an example of the Show Setup System command Shutdown Command Power from the switchShutdown Port portnumber testtype Test CommandTest Status Test port x internal Command Line Interface Test Command Uptime Command Examples The following is an example of the Uptime commandAuthority None Syntax uptime Add User CommandKeywords accounts Delete accountname Following is an example of the User Add command Following is an example of the User Edit command Following is an example of the User Delete command Following is an example of the User List command Whoami Command Following is an example of the Whoami commandWhoami Zone Command Syntax zone Rename zoneold zonenew Members zoneRemove zone memberlist Type zone zonetype Following is an example of the Zone Members command Following is an example of the Zone Zonesets command Zoneset Command Syntax zoneset Rename zonesetold zonesetnew Following is an example of the Zoneset List commandRemove zoneset zonelist Zones zoneset Following is an example of the Zoneset Zones command Zoning Command Opens a Zoning Edit session Following is an example of the Zoning Limits command Following is an example of the Zoning List command E2JBOD2 59043-03 a 107 Command Line Interface Zoning Command 108 59043-03 a BootP Access Control List ZoneAdministrative State Class 2 Service Default Visibility Class 3 ServiceConfigured Zone Sets Fabric Management Switch Maintenance Button Input Power LEDInter-Switch Link Maintenance Mode Power On Self Test Post Output Power LEDOver Temperature LED Principal Switch Worldwide Name WWN User Account SecurityVirtual Private Fabric Zone ZonePage Index Numerics Index-2 59043-03 a 59043-03 a Index-3 Index-4 59043-03 a 59043-03 a Index-5 Index-6 59043-03 a 59043-03 a Index-7