Managing Fabrics, Radius Servers | Q-Logic 59022-11 A 4-13 instruction

Section 3

Managing Fabrics

This section describes the following tasks that manage fabrics:

RADIUS Servers

Securing a Fabric

Tracking Fabric Firmware and Software Versions

Managing the Fabric Database

Displaying Fabric Information

Working with Device Information and Nicknames

Zoning a Fabric

3.1

RADIUS Servers

Remote Authentication Dial In User Service (RADIUS) provides a method to centralize the management of authentication passwords in larger networks. It has a client/server model, where the server is the password repository and third party authentication point and the clients are all of the managed devices. RADIUS can be configured for devices and/or user accounts. The RADIUS server dialogs are available only on a secure fabric connection (SSL) and on the entry switch (out of band switch). Refer to ”Connection Security” on page 3-7and ”System Services Dialog” on page 4-27for more information.

RADIUS is designed to authenticate users and devices using a challenge/response protocol. Basic implementations consist of a central RADIUS server containing a database of authorized users as well as authentication information. A RADIUS client wishing to verify the authenticity of a user issues a challenge to the user and collects the response to the challenge. This information is forwarded to the RADIUS server for authentication and the server responds with the results, either an accept or reject. The RADIUS client does not need to be configured with any user authentication information, this all resides on the RADIUS server and can be managed centrally and separately from the clients. In addition, no passwords are exchanged between the RADIUS server and its clients. Authentication of requests from a RADIUS client to the server and responses from the server to a client can also be authenticated. This requires sharing a secret between the server and client. The accounting RADIUS supports the auditing of the users and switch services such as Telnet, FTP, and switch management applications.

59022-11 A

3-1

Image 51

Q-Logic 59022-11 A 4-13, SANBOX2-16 manual Managing Fabrics, Radius Servers

Contents

SANbox2-8c/16 Switch Management User’s Guide Document Revision History SANbox2-8c/16 Switch Management User’s Guide Table of Contents Section Managing Fabrics SANbox2-8c/16 Switch Management Working with Device Information and Nicknames Zoning a Fabric Changing a User Account Password Section Managing Switches Section Managing Ports Changing the Default Performance View File Encryption Key 109 Appendix a Command Line Interface103 106 Glossary Index Figures Tables 131 Port Threshold Alarm Configuration Defaults Related Materials Intended Audience Jdom License Contact Information Technical SupportAvailability Training Introduction Technical Support 59022-11 a Using SANsurfer Switch Manager Installing the Management Application Workstation RequirementsWorkstation Requirements For a Linux platform SANsurfer Switch ManagerChange directory to the location of the install program For a Windows platform Open the CD and move to the following folder SMS Installation for WindowsSANsurfer Management Suite For a Mac OS X platform Chglax.bat SMS Installation for Linux SMS Installation for Solaris Install the new SANsurfer Switch Manager package Change directories to the package locationLocate and execute the file sbmoversms.sh Starting SANsurfer Switch Manager Initial Startup Dialog ‰ For Linux or Solaris enter the SANsurfer command SANsurfer Switch Manager Window Exiting SANsurfer Management Suite Save Default Fabric View File Dialog Load Default Fabric File Dialog Uninstalling SANsurfer Switch Manager Installdirectory/UninstallData/SANsurferUninstaller SMS Uninstall Changing the Encryption Key for the Default Fabric View File Standalone Uninstall Saving and Opening Fabric View Files Setting SANsurfer Switch Manager Preferences Preferences Dialog SANsurfer Switch Manager Viewing Software Version and Copyright Information Using Online Help SANsurfer Switch Manager User Interface Topology DisplayFaceplate Display Menu Bar Topology Display MenuMenu options in the topology display are shown in Figure Faceplate Display Menu Shortcut KeysMenu options in the faceplate display are shown in Figure Tool Bar Buttons Tool Bar Fabric Tree Fabric Tree Working Status Indicator Graphic WindowData Window and Tabs Switch and Link Status Using the Topology Display Working with Switches and Links Selecting Switches and LinksArranging Switches in the Display Topology Data Windows Opening the Faceplate Display and Topology Popup Menus Port Views and Status Using the Faceplate Display Selecting Ports Working with Ports Opening the Faceplate Popup Menu Faceplate Data Windows Page Radius Servers Managing Fabrics Add Server Adding a Radius Server Managing Fabrics Remove Server Removing a Radius Server Edit Radius Server Information Editing Radius Server Information Modify Authentication Order Radius Server Information Modifying Authentication Order Radius Server Information Securing a Fabric Connection SecurityFabric security consists of the following User Account Security Security Consistency Checklist Device Security Edit Security Dialog Edit Security Dialog Creating a Security Set Create Security Group Dialog Create Security Group Dialog Creating a Security Group Create a Security Group Member Dialog Create Security Group Member Dialog Creating a Security Group Member Editing the Security Configuration on a Switch Viewing Properties of a Security Set, Group, or Member Using the Security Config Dialog Archiving a Security Configuration to a File Activating a Security SetDeactivating a Security Set Active Security Data Window Configured Security Data WindowFabric Services Enabling Snmp Configuration Saving a Version Snapshot Click the In-band Management Enable buttonEnabling In-band Management Tracking Fabric Firmware and Software Versions Exporting Version Snapshots to a File Viewing and Comparing Version Snapshots Adding a Fabric Managing the Fabric Database Opening a Fabric View File Removing a Fabric Adding a New Switch to a Fabric Saving a Fabric View FileRediscovering a Fabric Replacing a Failed Switch Displaying Fabric Information Deleting Switches and Links Fabric Status Topology Display Switch and Status Icons 11. Events Browser Displaying the Event Browser Icon Severity Levels 12. Filter Events Dialog Filtering the Event Browser Saving the Event Browser to a File Sorting the Event Browser Devices Data Window Entries Devices Data Window 13. Active Zone Set Data Window Active Zone Set Data Window Displaying Detailed Device Information SANsurfer Switch Manager enables you to do the followingLink Data Window Working with Device Information and Nicknames Exporting Device Information to a File Managing Device Port NicknamesCreating a Nickname Editing a Nickname Deleting a NicknameExporting Nicknames to a File Importing a Nicknames File Zoning a FabricZoning Concepts Soft Zones Zones Access Control List Hard Zones AliasesZone Sets Zoning Database Using the Zoning Wizard Managing the Zoning DatabaseManaging the zoning database consists of the following 15. Edit Zoning Dialog Editing the Zoning Database Edit Zoning Dialog Tool Bar Buttons and Icons 16. Zoning Config Dialog Configuring the Zoning Database Saving the Zoning Database to a File Default VisibilityInterop Auto Save Discard Inactive Restoring the Default Zoning Database Restoring the Zoning Database from a FileRemoving All Zoning Definitions Creating a Zone Set Managing Zone Sets Copying a Zone to a Zone Set Activating and Deactivating a Zone Set Removing a Zone Set Removing a Zone from a Zone Set or from All Zone Sets Managing Zones Creating a Zone in a Zone SetManaging zones involves the following Adding Zone Members Click the OK button to add the member and save the change Renaming a Zone or a Zone SetRemoving a Zone Member Removing a Zone from a Zone Set Removing a Zone from All Zone Sets Changing Zone TypesManaging Aliases Adding a Member to an Alias Creating an Alias Removing an Alias from All Zones Merging Fabrics and ZoningZone Merge Failure Zone Merge Failure Recovery Managing Switches Factory User Accounts Managing User Accounts Creating User Accounts User Account Administration Dialog Add Account Removing a User Account User Account Administration Dialog Remove Account User Account Administration Dialog- Change Password Changing a User Account Password Modifying a User Account User Account Administration Dialog Modify Account Faceplate Display Displaying Switch Information Switch Data Window Entries Switch Data Window Ratov Switch Data Window Entries Displaying Detailed Device Information on page 3-34for Port Statistics Data Window Faceplate Display Port Information Port Information Data Window Configured Zonesets Data Window Configured and Active Zonesets Data Window Port Threshold Alarm Configuration Dialog Configuring Port Threshold Alarms Sample Window Paging a SwitchEvent Count Resetting a Switch Setting the Date/Time and Enabling NTP Client Type Description Switch Resets Using the Configuration Wizard Configuring a Switch 10. Switch Properties Dialog Switch Properties Symbolic Name Switch Administrative StatesSwitch Administrative States Domain ID and Domain ID Lock Fabric Device Management Interface In-band Management Broadcast Support Interop Mode for Zoning Advanced Switch Properties Timeout Values Timeout ValuesLegacy Port Address Format 12. System Services Dialog System Services Dialog Security Consistency Checklist Dialog 13. Network Properties Dialog Network Properties IP Configuration Parameters IP Configuration NTP Client Remote Logging 14. Snmp Properties Dialog Snmp Properties Snmp Configuration Parameters Snmp Configuration Snmp Trap Configuration Parameters Snmp Trap Configuration Archiving a Switch 15. Restore Dialogs Full and Selective Restoring a Switch Managing Switches Factory Default Configuration Settings Restoring the Factory Default Configuration Downloading a Support File Installing Firmware 16. Hardware Status LEDs Displaying Hardware Status Managing Switches Displaying Hardware Status 59022-11 a Displaying Port Information Managing Ports Monitoring Port Status Displaying Port TypesPort Types Port Speeds Displaying Port Operational StatesDisplaying Port Speeds Port Operational States Transceiver Media View Displaying Transceiver Media Status Port Statistics Data Window Entries LIP ALPD,ALPS Port Information Data Window Entries Port Information Data Window Entries Port Information Data Window Entries Port Properties Dialog Configuring Ports Port Administrative States Changing Port Administrative States Changing Port Speeds Stream Guard Changing Port Types Changing Port Symbolic Name Using the Extended Credits WizardDevice Scan Designate Donor Ports Testing Ports Resetting a Port Testing Ports Fabric View Graphs Graphing Port Performance Starting SANsurfer Performance Viewer This section describes how to do the following Exiting SANsurfer Performance Viewer Save Default Performance View File Dialog Displayed Saving and Opening Performance View Files Setting SANsurfer Performance Viewer Preferences Changing the Default Performance View File Encryption Key Displaying Graphs Setting the Polling Frequency Customizing Graphs Arranging Graphs in the Display Managing Ports Saving Graph Statistics to a File Setting Global Graph TypeRescaling a Selected Graph Printing Graphs Logging On to a Switch Command Line Interface User Accounts Working with Switch Configurations Modifying a Configuration Backing up and Restoring Switch Configurations Ftp ipaddress Table A-1. Command-Line Completion Commands Admin Session Commands Table A-2. Commands Listed by Authority Level Keywords Admin CommandAuthority Syntax Syntax alias Alias Command Members alias Remove alias memberlistRename aliasold aliasnew CIM Command Table A-3. CIM Listener Configuration Parameters CIMListener Command Enter Following is an example of the CIMListener Create command Table A-4. CIM Subscription Configuration Parameters CIMSubscription Command Must be Saved with the cim save command Edit configname Config CommandSyntax config Keywords activate configname Save configname RestoreManager Archive function are not compatible with the Config Restore command # ftp symbolicname or ipaddress Support Create CommandCreate Certificate Command Line Interface Create Command Following is an example of the Create Certificate command Date Command Syntax dateKeywords MMDDhhmmCCYY Firmware Install Command Authority AdminSyntax firmware install Syntax group Group Command Table A-5. ISL Group Member Attributes Keywords add group Table A-6. Port Group Member Attributes Create group type Copy groupsource groupdestination Table A-8. Group Member Attributes Edit group member Securitysets group Members groupRemove group memberlist Rename groupold groupnew ISL Following is an example of the Group Edit command Following is an example of the Group Members command Following is an example of the Group List command Syntax Hardreset Command Authority None Help CommandKeywords command Syntax help command keyword Authority None Syntax history History Command Hotreset Hotreset Command Image Command Are running the same version of firmware FTP. Enter one of the following on the command lineSwitch name associated with the IP address Enter the following account name and password Wait for the unpack to complete Open an Admin session to acquire the necessary authority Lip portnumber Lip CommandFollowing is an example of the Lip command Reinitializes the specified loop port Syntax passwd accountname Keywords accountname Passwd Command Syntax ping ipaddress Keywords ipaddress Ping Command Displays current system process information Ps CommandFollowing is an example of the Ps command Syntax Examples Quit Command Closes the Telnet sessionSyntax quit, exit, or logout Config configname Reset Command System ServicesSwitch Snmp Values Table A-9. Switch Configuration Defaults Arbff Table A-10. Port Configuration Defaults Table A-12. Zoning Configuration Defaults Table A-11. Port Threshold Alarm Configuration Defaults Table A-13. Snmp Configuration Defaults Table A-15. Services Configuration Defaults Table A-14. Radius Configuration Defaults Table A-17. Security Configuration Defaults Table A-16. System Configuration Defaults Keywords active Security Command History Following is an example of the Security Active command Following is an example of the Security Limits command Following is an example of the Security History command Following is an example of the Security List command Securityset Command Rename securitysetold securitysetnew Delete securitysetGroups securityset Remove securityset group Syntax set Set Command Port option Setup optionSwitch state Pagebreak state Port portnumber Set Config CommandSet config Table A-18. Set Config Port Parameters Table A-18. Set Config Port Parameters Security Table A-20. Set Config Switch Parameters Table A-19. Security Configuration Parameters Ratov Threshold Table A-21. Set Config Threshold Parameters Table A-22. Set Config Zoning Parameters Arbff Following is an example of the Set Config Switch command Following is an example of the Set Config Security command Following is an example of the Set Config Threshold command Following is an example of the Set Config Zoning command Component filterlist Set Log CommandSet log Archive Display filter Snmp Stop Level filterPort portlist Start Alarms are always logged and always displayed on the screen Bypass alpa Set Port CommandEnable Keywords portnumber State state Configuration fields Set Setup CommandSet setup Radius Services Snmp System Table A-23. Radius Service Settings Table A-24. Switch Services Settings Table A-24. Switch Services Settings Table A-25. Snmp Configuration Settings Table A-25. Snmp Configuration Settings Table A-26. System Configuration Settings Table A-26. System Configuration Settings Following is an example of the Set Setup Services command Following is an example of the Set Setup Snmp command SANbox2 admin # set setup system Following is an example of the Set Setup System command Keywords about Show Command Fdmi portwwn Alarm optionCimlistener listenername Cimsubscription subscriptionname Pagebreak Log optionLsdb Ns option Tbuf Table A-27. Show Port Parameters LIPF8ALPS Steering domainid Post log „ Zoning History, Limits, List Table A-28. Switch Operational ParametersWhoami Zoneset Active, List Users Displays the current time zone settingTopology Displays all connected devices Following is an example of the Show Fabric command Following is an example of the Show Domains command Following is an example of the Show Fdmi WWN command Following is an example of the Show Fdmi command Following is an example of the Show NS local domain command Following is an example of the Show NS domainID commandFollowing is an example of the Show NS portID command Collisions0 txqueuelen100 Following is an example of the Show Interface command PL-XPL-VC-SG3-22 Following is an example of the Show Port command Following is an example of the Show Topology command Following is an example of the Show Switch command 59022-11 a 101 Following is an example of the Show Version command Show config Show Config Command Following is an example of the Show Config Switch command Following is an example of the Show Config Zoning command Following is an example of the Show Config Threshold command Keywords numberofevents Show Log CommandNone Show log Port SettingsLevel Options Following is an example of the Show Log Level command Following is an example of the Show Log Options commandFollowing is an example of the Show Log command Show Perf Command Following is an example of the Show Perf Byte command Show Setup Command Show setupMfg Following is an example of the Show Setup Radius command Following is an example of the Show Setup Services command Following is an example of the Show Setup Snmp command Following is an example of the Show Setup System command Shutdown Command Power from the switchShutdown Status Test CommandTest Port portnumber testtype Admin start Test port x online Uptime Command Examples The following is an example of the Uptime commandAuthority None Syntax uptime Add User CommandUser Accounts Following is an example of the User Edit command Following is an example of the User Add command Following is an example of the User List command Following is an example of the User Delete command Whoami Command Following is an example of the Whoami commandWhoami Syntax zone Zone Command Type zone zonetype Members zoneRemove zone memberlist Rename zoneold zonenew Following is an example of the Zone Members command Following is an example of the Zone Zonesets command Syntax zoneset Zoneset Command Remove zoneset zonelist Rename zonesetold zonesetnewZones zoneset Opens a Zoning Edit session Zoning Command Limit Description Table A-29. Zoning Database Limits E1JBOD1 E2JBOD2 Following is an example of the Zoning Limits command Following is an example of the Zoning List command Command Line Interface Zoning Command 134 59022-11 a BootP Access Control List ZoneAdministrative State Alarm Fabric Management Switch Class 3 ServiceConfigured Zone Sets Default Visibility Maintenance Mode Input Power LEDInter-Switch Link Maintenance Button Small Form-Factor Pluggable Power On Self Test PostPrincipal Switch SANsurfer Switch Manager Index Index-2 59022-11 a 59022-11 a Index-3 Index-4 59022-11 a 59022-11 a Index-5 Index-6 59022-11 a 59022-11 a Index-7 Index-8 59022-11 a 59022-11 a Index-9 Index-10 59022-11 a