manualshive.com logo in svg

HP StorageWorks 2/16 - SAN Switch, Manual

The HP StorageWorks 2/16 - SAN Switch manual offers comprehensive guidance on utilizing this cutting-edge storage solution. Download this invaluable resource for free from our website and unlock the full potential of your SAN Switch. Get ready to harness the power of seamless storage management with this user-friendly manual.

Share
Download
background image

Diagnostic and system error messages reference guide

124

Fabric OS 3.x Document Addendum

SEC-SECVIOL_DCC

Message

Probable Cause

A DCC security violation was reported. The specified device attempted to perform a FLOGI 
operation to an unauthorized port. The DCC policy correlates specific devices to specific port 
locations. If the device changes connected port, the device is not allowed to perform FLOGI.

Recommended Action

Check the DCC policy and verify that the specified device is allowed in the fabric and is 
included in the DCC policy. If the specified device is not included in the policy, add it to the 
policy. If the device is not allowed, this is a valid violation message and an unauthorized entity 
is trying to gain access to your fabric; take appropriate action as defined by your enterprise 
security policy.

Severity

INFO

SEC-SECVIOL_LOGIN

Message

Probable Cause

A login security violation was reported. An incorrect password was used while trying to log in 
through a console, telnet, HTTP, or API connection; the login failed. 

Recommended Action

Use the correct password.

Severity

INFO

<timestamp>

INFO SEC-SECVIOL_DCC, 4, Security violation: Unauthorized device <device 
node name> tries to flogin to port <port number> of switch <port node 
name>.

<timestamp>

INFO SEC-SECVIOL_LOGIN, 4, Security violation: Login failure attempt via 
<connection method>.  Peer IP: <IP address>

Summary of Contents for StorageWorks 2/16 - SAN Switch

Page 1: ...A TE This document is an addendum for Fabric OS users to supplement the Fabric OS version 3 x documentation set This document is specific to Fabric OS version 3 x and all switches running Fabric OS version 3 x including the HP StorageWorks SAN Switch 2 8 EL SAN Switch 2 16 and MSA SAN Switch 2 8 ...

Page 2: ...s and services are set forth in the express warranty statements accompanying such products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Microsoft Windows and Windows NT are U S registered trademarks of Microsoft Corporation UNIX is a registered trademark of The Open Grou...

Page 3: ...user guide 17 Configuring the Web Browser 19 Configuring Internet Explorer 19 Configuring Mozilla 19 Installing the Java Plug in on Windows XP 2000 or NT 20 Installing the Java Plug in on Windows XP 2000 or 2003 20 Two and Four Domain Fabric Licensing 20 Filtering Switch Events 23 Filtering Events by Time Intervals 24 Filtering Events by Event Severity 24 About the Firmware Tab 28 Firmware Tab Exa...

Page 4: ...e 63 Viewing Detailed Information About the Enabled Zone Configuration 64 Displaying an Initiator Target Accessibility 71 3 Zoning version user guide 73 4 Diagnostic and system error messages reference guide 75 5 Extended fabric user guide 129 6 Fabric OS procedures user guide 131 Configuring Standard Security Features 131 Ensuring Network Security 132 Accessing Switches and Fabrics 132 Creating a...

Page 5: ...port 197 portcfgislmode 198 portcfglongdistance 199 portcfglport 202 portshow 203 quietmode 208 secauthsecret 209 secmodeenable 211 snmpmibcapset 217 snmpmibcapshow 219 switchshow 220 switchstatusshow 225 tempshow 226 userconfig 227 zonecreate 231 zoneobjectcopy 233 zoneobjectexpunge 234 zoneobjectrename 236 9 Fabric Watch User Guide 239 Fabric Watch Reports 239 Switch Health Report 239 Fabric Wat...

Page 6: ...annel Tab 39 14 Configure Arbitrated Loop Tab 40 15 Configure System Tab 41 16 Configure Upload Download Tab 42 17 Routing FSPF Route Tab 44 18 Routing Static Route Tab 45 19 Routing Link Cost Tab 46 20 Extended Fabric Tab 47 21 AAA Service Tab 49 22 Trunk Information Tab 52 23 Alarm Notification Tab 53 24 Threshold Configuration Area Configuration Tab 54 25 Email Configuration Tab 56 26 The Fabri...

Page 7: ...Configuration Components 56 9 Email Configuration Field Descriptions 58 10 Name Server Description of Columns 62 11 Zoning Database Limitations 74 12 Access Defaults 133 13 Switch Fabric Settings 165 14 Virtual Channel Settings 168 15 Zoning Operation Parameter 169 16 RSCN Transmission Mode 169 17 Arbitrated Loop Settings 169 18 Enable CLOSE on OPEN Received Values 170 19 System Services Settings ...

Page 8: ...Contents 8 Fabric OS 3 x Document Addendum ...

Page 9: ...Works Zoning Version 3 1 x 4 1 x User Guide part number AA RS26C TE HP StorageWorks Diagnostic And System Error Messages Version 3 1 x Reference Guide part number AA RUPZA TE HP StorageWorks Extended Fabric Version 3 1 x 4 1 x User Guide part number AA RTSDC TE HP StorageWorks Fabric Os Procedures Version 3 1 x 4 1 x User Guide part number AA RS23C TE HP StorageWorks ISL Trunking Version 3 1 x 4 1...

Page 10: ...related documents 1 Locate the Networked storage section of the web page 2 Under Networked storage go to the By type subsection 3 Click SAN infrastructure The SAN infrastructure page displays 4 Locate the Fibre Channel Switches section Locate the B Series Fabric subsection and then go to the Entry Level subsection To access 3 x documents such as this document select the appropriate product for exa...

Page 11: ...indicates that failure to follow directions could result in damage to equipment or data Note Text set off in this manner presents commentary sidelights or interesting points of information Table 1 Document conventions Convention Element Blue text Figure 1 Cross reference links Bold Key and field names menu items buttons and dialog box names Italics File names application names and text emphasis Mo...

Page 12: ...on available before calling Technical support registration number if applicable Product serial numbers Product model names and numbers Applicable error messages Operating system type and revision level Detailed specific questions HP storage web site The HP web site has the latest information on this product as well as the latest drivers Access storage at http www hp com country us eng prodserv sto...

Page 13: ...llowing Telnet commands provide access to four different types of performance monitoring AL_PA monitoring End to end monitoring Filter based monitoring ISL monitoring supported only in Fabric OS v3 2 x On page 37 immediately before the heading Telnet Commands add the following ISL Monitoring Note ISL monitoring is supported only in Fabric OS v3 2 x ISL monitoring measures the outbound traffic goin...

Page 14: ...can display existing ISL monitors using the perfMonitorShow command You can clear ISL monitor counters using the perfMonitorClear command Displaying ISL Monitors Use the perfMonitorShow command to display all the ISL based monitors on a specified port This command displays the following information 64 bit cumulative ISL transmit counter 64 bit cumulative transmit counter for each individual domain...

Page 15: ...ring ISL Monitors Use the perfMonitorClear command to clear ISL monitor counters The following example clears statistical counters for an ISL monitor switch admin perfmonitorclear ISL 0 This will clear ISL monitor on port 0 continue yes y no n no y ISL monitor on port 0 is cleared ...

Page 16: ...Advanced performance monitor user guide 16 Fabric OS 3 x Document Addendum ...

Page 17: ...pdated at different time intervals depending on the number of switches in the fabric On average for a fabric with up to 12 switches the Fabric Tree status is updated every 30 seconds For every additional 12 switches in the fabric an additional 30 seconds is required to update the Fabric Tree status The Switch Information View displays the last time the Fabric Tree status was updated You can also m...

Page 18: ...this release Adequate RAM is required on Windows systems as follows 128 MB or more RAM for fabrics comprising 10 switches or fewer 256 MB or more RAM for fabrics comprising 15 switches or fewer 512 MB or more RAM for fabrics comprising more than 15 switches A minimum of 8 MB of video RAM is also recommended Table 2 Supported platforms Operating system Browser Java plug in RedHat Linux 9 0 Mozilla ...

Page 19: ...ation of Web Tools with Internet Explorer requires specifying the appropriate settings for browser refresh frequency Browser pages should be refreshed frequently to ensure the correct operation of Web Tools To set the refresh frequency 1 Select Preferences from the Edit menu 2 Select the General tab and click Settings under Temporary Internet Files 3 Under Check for newer versions of stored pages ...

Page 20: ...eading and text Two and Four Domain Fabric Licensing If your fabric includes a switch with a license for a limited number of switches in the fabric and the fabric exceeds the switch limit indicated in the license Web Tools allows a 45 day grace period in which you can still monitor the switch Web Tools displays warning messages periodically informing you that your fabric size exceeds the supported...

Page 21: ...tus Button add the following at the end of the procedure 6 Optional Click the underlined links in the left panel to display detailed information about ports and Switch Availability Monitoring SAM Figure 3 shows an example of the Port Detail report 7 Optional Mouse over the Action field and click an action to Refresh the information displayed in the report Customize the report View the data in raw ...

Page 22: ...Advanced Web Tools user guide 22 Fabric OS 3 x Document Addendum Figure 3 Switch status window port detail ...

Page 23: ...the following Filtering Switch Events You can filter the events in the Switch Events window by time and severity You can apply just one type of filter at a time or all types of filters at the same time Click the Filter button to display the Event Filter dialog box Figure 5 When a filter is applied the Show All button is active in the Events Report and the types of filters applied are identified at...

Page 24: ...ime period a Click From and enter the start time and date in the fields b Click To and enter the finish time and date in the fields 6 Optional To filter all events beginning at a certain date and time click From and enter the start time and date in the fields 7 Optional To filter events up until a certain date and time click To and enter the finish time and date in the fields 8 Click OK The filter...

Page 25: ... heading Switch Admin Window Field Descriptions modify original Table 17 Switch Admin Window Field Descriptions as follows Delete the following row In the last row Status Icon in the table replace the following text A green square means the switch is enabled a red square means the switch is disabled With this text The icon means the switch is enabled and the icon means the switch is disabled Reset...

Page 26: ...ls user guide 26 Fabric OS 3 x Document Addendum On original page 95 under the heading Switch Information Tab Example replace original Figure 18 Switch Information Tab with the following Figure 6 Switch Information Tab ...

Page 27: ...e 7 Network Configuration Tab On original page 100 in original Table 19 Network Config Field Descriptions delete the following row And replace it with this row Syslog IP Field Enter any valid IP for a host and click the Add button to configure that IP as a recipient of syslog messages New IP Field Enter any valid IP for a host and click the Add button to configure that IP as a recipient of syslog ...

Page 28: ...oad Tab with the following About the Firmware Tab Use the Firmware tab to complete tasks such as Downloading firmware Returning the switch to the original configuration Rebooting the switch You must provide host information for the download firmware task Firmware Tab Example An example of the Firmware tab is shown in Figure 8 Figure 8 Firmware Tab ...

Page 29: ...otocol Select a download protocol FTP or RSH FTP requires a password to initiate file transfer RSH does not If you select RSH the password field is removed Host IP Enter the IP address of the host File Name Enter the file name of the firmware package to be downloaded User Name Enter the User Name for the owner of the firmware package on the host Password Enter the password of the User who owns the...

Page 30: ...delete the sections Backing Up a Firmware Config File and Performing a Config Download to Switch On original page 106 after the section Performing a Firmware Download add the following sections Performing a Fast Boot To perform a fast boot of a switch 1 Access the Switch Admin Window see About the Switch Admin Window 2 Enter the admin user name and password 3 Select the Firmware tab 4 Click Fastbo...

Page 31: ...l Figure 22 SNMP Tab with the following Figure 9 SNMP Tab Secure Mode disabled On original page 110 in original Table 21 SNMP Field Descriptions under the heading SNMP Field Descriptions modify the following information Delete the following row Trap Level Use to set the severity level of switch events that prompt SNMP traps Default is 0 ...

Page 32: ...e read write access of a particular community string READ ONLY access means that a member of a community string has the right to view but cannot make changes READ WRITE access means that a member of a community string can be both viewed and make changes Access Control Displays the read write access of a particular community string READ ONLY access means that a member of a community string has the ...

Page 33: ... License Admin Tab with the following Figure 10 License Admin Tab On original page 113 under the heading License Admin Field Description delete the following row from original Table 22 License Admin Field Descriptions License Key field Enter a license key to be added or double click a license key from the LicenseKey column to have it display in this field ...

Page 34: ...he Add button And replace them with these three steps 4 Click the Add button 5 Type or paste the new license key in the License Key field 6 Click the Add License button On original page 114 under the heading Remove a License From a Switch replace step 4 4 Enter the license key to remove or double click a license key from the License Key column to display it in License Key field With this step 4 Se...

Page 35: ...ace original Figure 24 Port Setting Tab with the following Figure 11 Port Setting Tab On original page 118 under the heading Enabling Trunking on a Port replace step 4 4 Check the Trunk box that corresponds to the port you wish to trunk With the following 4 Check the Enabling Trunking box that corresponds to the port you want to trunk ...

Page 36: ... page 120 under the heading About the Configure Tab replace the first sentence Use the Configure tab of the Administrative Interface to configure Fabric Parameters Virtual Channel parameters Arbitrated Loop parameters and System Services parameters With this text Use the Configure tab of the Administrative Interface to configure Fabric Parameters Virtual Channel parameters Arbitrated Loop paramete...

Page 37: ...ools user guide 37 Fabric OS 3 x Document Addendum On original page 121 under the heading Configure Fabric Tab Example replace original Figure 25 Configure Fabric Tab with the following Figure 12 Configure Fabric Tab ...

Page 38: ...Class F Traffic When checked translative addressing which allows private devices to communicate with public devices is disabled Switch PID Format Allows you to select a switch PID format from one of the following VC encoding Set this format only if the fabric includes a Fibre Channel Storage Switch 8 or Fibre Channel Storage Switch 16 When set the frame source and destination address use an addres...

Page 39: ...e 39 Fabric OS 3 x Document Addendum On original page 124 under the heading Configure Virtual Channel Tab Example replace original Figure 26 Configure Virtual Channel Tab with the following Figure 13 Configure Virtual Channel Tab ...

Page 40: ...e 40 Fabric OS 3 x Document Addendum On original page 126 under the heading Configure Arbitrated Loop Tab Example replace original Figure 27 Configure Arbitrated Loop Tab with the following Figure 14 Configure Arbitrated Loop Tab ...

Page 41: ...ools user guide 41 Fabric OS 3 x Document Addendum On original page 128 under the heading Configure System Tab Example replace original Figure 28 Configure System Tab with the following Figure 15 Configure System Tab ...

Page 42: ... Field Descriptions add the following sections Configure Upload Download Tab Example An example of the Configure Upload Download Tab is shown in Figure 16 Figure 16 Configure Upload Download Tab Configure Upload Download Field Descriptions The fields available in the Configure Upload Download Tab are described in Table 4 ...

Page 43: ... file with a fully qualified path 11 Click Apply You can monitor the progress by observing the Upload Download Progress bar on the Configure tab Performing a Config Download to a Switch To download a configuration to the switch 1 Access the Switch Admin Window see About the Switch Admin Window 2 Enter the admin user name and password 3 Select the Switch Information tab 4 Disable the switch 5 Click...

Page 44: ...Host IP information 10 Enter the name of the config file with a fully qualified path 11 Click Apply You can monitor the progress by looking at the Upload Download Progress bar on the Configure tab 12 Enable the switch On original page 132 under the heading Routing FSPF Route Tab Example replace original Figure 29 Routing FSPF Route Tab with the following Figure 17 Routing FSPF Route Tab ...

Page 45: ...ser guide 45 Fabric OS 3 x Document Addendum On original page 135 under the heading Routing Static Route Tab Example replace original Figure 30 Routing Static Route Tab with the following Figure 18 Routing Static Route Tab ...

Page 46: ...ting Link Cost Tab Example replace original Figure 31 Routing Link Cost Tab with the following Figure 19 Routing Link Cost Tab On original page 141 under the heading Configuring Link Cost add the following text to the end of step 6 Setting the value to 0 sets the link cost to the default value for that port ...

Page 47: ...the following Extended Fabric Tab Example An example of the Extended Fabric tab is shown in Figure 20 Figure 20 Extended Fabric Tab On original pages 143 and 144 under the heading Extended Fabric Field Descriptions modify the following Replace the first sentence with The fields available in the Extended Fabric tab are described in Table 33 ...

Page 48: ...ormation about the various distances see About the Upload Download Tab Extended Fabric Mode Enable Click the radio button to enable the Extended Fabric mode The switch must be disabled to enable the Extended Fabric mode Disable Click to disable the Extended Fabric Mode VCXLT Link Init Enabled Check the box to enable Virtual Channel link translation See About the Upload Download Tab Port Speed Disp...

Page 49: ... About the AAA Service Tab Use the AAA Service tab to manage the RADIUS server Through the AAA Service tab you can perform the following tasks Enable and disable the RADIUS server Configure the RADIUS server Modify the RADIUS server Modify the order of the RADIUS servers Remove a RADIUS server AAA Service Tab Example An example of the AAA Service tab is shown in Figure 21 Figure 21 AAA Service Tab...

Page 50: ...one as the secondary service 5 Click the Apply button Configuring the RADIUS Server You can configure the RADIUS server even if it is disabled you can configure up to five RADIUS servers You must be logged in as admin to configure the RADIUS server To configure the RADIUS server 1 Access the Switch Admin Window see About the Switch Admin Module 2 Enter the admin user name and password 3 Select the...

Page 51: ...Click Modify The RADIUS Configuration dialog box opens 6 Edit the RADIUS server name which should be a valid IP address or Dynamic Name String DNS Each RADIUS server should have a unique IP address or DNS name for the RADIUS server 7 Optional Edit the port number 8 Optional Edit the secret string 9 Optional Edit the timeout time in minutes 10 Optional Select an authentication protocol from CHAP or...

Page 52: ...the RADIUS Configuration list 5 Click Remove If there is no RADIUS server configured the Remove button is disabled You cannot remove the only RADIUS server if the RADIUS service is the primary AAA service The RADIUS server is not deleted until you apply the changes from the AAA Services tab 6 Click the Apply button On original page 146 under the heading Trunk Information Tab Example replace origin...

Page 53: ...ginal page 175 in original Table 41 Alarm Notification Field Descriptions replace the following row With this row Selected Area Displays the configurable areas in the drop down menu The items listed will change depending on the item selected in the Navigation tree Area Selection Displays the configurable areas in the drop down menu The items listed change depending on the item selected in the Navi...

Page 54: ...iguration Tab On original page 177 in the section Threshold Configuration Tab Example replace the text and the original Figure 42 Threshold Configuration Area Configuration Tab with the following The Threshold Configuration Tab Trait Configuration Tab is shown in Figure 24 Figure 24 Threshold Configuration Area Configuration Tab ...

Page 55: ...des fields to configure Fabric Watch threshold traits For more information see Element Configuration Tab Configuration Report tab Displays the Fabric Watch settings for the class that you select from the Fabric Watch navigation tree For more information see Configuration Report Tab Component Description Unit field Sets or displays the selected unit values used for the chosen area Depending on the ...

Page 56: ...n original page 183 replace original Figure 43 Email Configuration Tab with the following Figure 25 Email Configuration Tab Component Description System Default and Custom Defined checkboxes Select Alarm settings for Errorlog SNMP RAN Portlog and Email to be active on the switch side Activate Level radio buttons Select either System Default or Custom Defined to indicate which traits are to be acti...

Page 57: ...ter custom values in the trait fields such as Unit High Boundary and Low Boundary in the Traits partition 7 Select the Custom Defined radio button 8 Click Apply 9 Select the Alarm Configuration tab The System Default alarms are displayed for the selected class and area If you do not want to change the system default settings you do not need to finish the steps in this procedure If you want to chan...

Page 58: ... same security level as the launch switch Fabric events are not automatically polled You must click Refresh from the Fabric Events window to poll fabric events For switches that have a different level of security from the launch switch a number is displayed indicating how many switches have no events reported from the last polling For detailed information on the switch names and reasons for not po...

Page 59: ...ply just one type of filter at a time or all types of filters at the same time Click the Filter button to display the Event Filter dialog box When a filter is applied the Show All button is active in the Events Report and the types of filters applied are identified at the top of the Events Report To un apply a filter click the Show All button in the Events Report Filtering Events by Time Intervals...

Page 60: ...e click To and enter the finish time and date in the fields 8 Click OK The filter is enabled and the enabled filter type is displayed in the Events Report Filtering Events by Event Severity To filter events by event severity levels 1 Access Web Tools 2 Find the Fabric tool bar 3 Select the Fabric Events icon in the lower corner of the Fabric Tree The Fabric Events window opens 4 Click Filter The E...

Page 61: ...ng Figure 27 Name Server Table Window On original pages 195 and 196 under the heading Name Server Field Descriptions modify the following information In original Table 49 Name Server Description of Fields and Buttons add the following rows Detail View Select to display Name Server information for a particular device Accessible Devices Select to display the zone members of a particular device ...

Page 62: ...de Name of the device port Device Node WWN Displays the World Wide Name of the device node Device Name Displays the symbolic name of the device assigned through the SCSI INQUIRY command WWN Company ID Displays the vendor company based on device WWN Virtual vs Physical Displays the type of device either virtual or physical Host vs Target Displays the type of device either host or target Member of Z...

Page 63: ...he primary switch the Zone Admin icon is displayed in the Fabric Toolbar but not activated For specific information regarding secure fabrics refer to the HP StorageWorks Secure Fabric OS Version 1 0 User Guide When you click the Zone Admin icon from the Fabric Toolbar you must log in as an admin to launch the Zone Admin module A live snapshot is taken of all the zoning configurations at the time y...

Page 64: ...tion About the File Menu add the following section Viewing Detailed Information About the Enabled Zone Configuration 1 Access the Zone Administration window The Zone Configuration in effect at the time you launched the Zone Admin module is identified in the top right corner This information is updated only when you manually refresh the Zone Admin contents by clicking the Refresh icon at the bottom...

Page 65: ...one Admin window Both of these actions display the Effective Configuration dialog box If no zone is enabled a message is displayed indicating that there is no active zoning configuration on the switch On original page 208 in the section Adding a WWN in the Zoning Database replace the following heading Adding a WWN in the Zoning Database With this heading Adding a WWN to Zoning Entities Add the fol...

Page 66: ...cedure replace the following text The old WWN is replaced in the Zoning database by the new WWN including within any Alias or Zone where the old WWN was a member With this text The old WWN is replaced in the Zone Admin buffer by the new WWN including within any Alias or Zone where the old WWN was a member On original page 211 under the heading Refresh Zoning replace the following text in step 2 Th...

Page 67: ...as Tab On original page 221 under the heading Deleting an Alias replace the following text in step 5 The selected Alias is deleted from the zoning database With this text The selected Alias is deleted from the Zone Admin buffer On original page 221 under the heading Renaming an Alias replace the following text in step 6 The Alias is renamed in the zoning database With this text The Alias is rename...

Page 68: ...Zone Tab On original page 227 under the heading Deleting an Zone in step 5 replace the following text The selected Zone is deleted from the zoning database With this text The selected Zone is deleted from the Zone Admin buffer On original page 228 under the heading Renaming a Zone replace the following text in step 6 The zone is renamed in the zoning database With this text The zone is renamed in ...

Page 69: ...elected QuickLoop is deleted from the Zone Admin buffer On original page 233 under the heading Renaming a QuickLoop replace the following text in step 6 The QuickLoop is renamed in the zoning database With this text The QuickLoop is renamed in the Zone Admin buffer On original page 234 under the heading Fabric Assist Example replace original Figure 54 Fabric Assist Tab in the Zone Administration W...

Page 70: ...ed Fabric Assist Zone is deleted from the Zone Admin buffer On original page 239 under the heading Renaming a Fabric Assist Zone replace the following text in step 6 The Fabric Assist Zone is renamed in the zoning database With this text The Fabric Assist Zone is renamed in the Zone Admin buffer On original page 240 under the heading Config Tab Example replace original Figure 55 Config Tab in the ...

Page 71: ...vices you want displayed in the accessibility matrix you can select the radio button for all devices in the fabric or for a subset of the devices If you select a subset you must click the devices from the Select Devices list and then click Add to move them to the Evaluate for Accessibility list 6 Click OK The Initiator Target Accessibility Matrix opens You can mouse over a target to display the sy...

Page 72: ...Advanced Web Tools user guide 72 Fabric OS 3 x Document Addendum ...

Page 73: ...ter the license key in the License Key field and click Add The feature is now activated With this text 6 Click Add 7 Enter the license key in the License Key field and click Add License The feature is now activated On original page 26 under the heading Commands to Open a Transaction add the following rows to the list zoneObjectCopy Copy a zone object zoneObjectExpunge Delete a zone object and remo...

Page 74: ...nts zoning database size limitations for various Fabric OS release versions Table 11 Zoning Database Limitations Note Zoning databases larger than 96 KB are not supported on SAN Switch 2 8 EL and SAN Switch 2 16 with 16 MB of memory Fabric OS Version Maximum Database Size KB 2 4 0 64 2 5 0 64 2 6 0 96 3 0 0 128 3 1 0 96 3 2 x 256 4 0 0 4 1 0 4 2 0 128 4 4 0 256 ...

Page 75: ...e following modules report new AUTH and SEC or modified messages in Fabric OS v3 2 x AUTH CONFIG DIAG FABRIC MS SEC AUTH AUTHCHANGE Message Probable Cause The AUTH database was modified The text message can display the following information Secret database was successfully updated Secret database was successfully removed Recommended Action Verify that this change was intended Severity INFO timesta...

Page 76: ...ended no action is required Severity INFO AUTH AUTHCFGERROR Message Probable Cause The authentication type or the group type was not set The text message can display the following information Failed to set authentication to either fcap dhchap or fcap dhchap Failed to set group type to either 0 1 2 3 4 or 0 1 2 3 4 Recommended Action Usually this problem is transient Retry the command If the comman...

Page 77: ...FO AUTH AUTHWARN Message Probable Cause A WARNING level authentication failure occurred The text message can display the following information Failed to allocate memory for various authentication payloads or messages Recommended Action Usually this problem is transient Reinitialize authentication by issuing switchdisable and switchenable commands or the portdisable and portenable commands If the c...

Page 78: ...AP SLAP authentication messages Incorrect length or content in the FCAP SLAP authentication payload such as nonce length signature length or certificate length Failed to verify different types of authentication messages for example certificate nonce or signature data for FCAP SLAP authentication protocol Specific DH CHAP authentication errors Failed to update remove secret database when using secA...

Page 79: ...whether the problem is consistent Other errors for example invalid nonce signature reply message or response value might indicate that an invalid entity is trying to connect to the switch Check the connection port to verify that there is no security attack Otherwise use the switchdisable and switchenable commands or portdisable and portenable commands to determine whether the problem is consistent...

Page 80: ... BUS_TIMEOUT Message Probable Cause The ASIC register or ASIC SRAM did not respond to an ASIC data access This usually indicates an ASIC failure This message is generated by the portregtest or the sramretentiontest command The error code value is for internal use only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity...

Page 81: ... initialize due to one of the following reasons Switch is not disabled Diagnostic queue is absent Malloc failed Chip is not present Port is not in loopback mode Port is not active There was a software operational setup error or motherboard failure There occurred a retry reboot or replacement of motherboard assembly timestamp CRITICAL DIAG CAMFLTR 1 test name pass number Pt port info Failed Filter ...

Page 82: ...N Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL DIAG CAMSID Message Probable Cause The ASIC failed the SID NO translation test This usually indicates an ASIC failure This message is generated by the camtest command The error code value is for internal use only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For ...

Page 83: ...Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL DIAG CLEAR_ERR Message Probable Cause The port diag error flag OK or BAD is cleared The error code value is for internal use only Recommended Action No action is required Severity INFO timestamp CRITICAL DIAG CAMSTAT 1 test name pass number Pt port information Failed ALI...

Page 84: ...se The ASIC central memory SRAMs did not complete the BISR within the timeout period This usually indicates an ASIC failure This message is generated by the centralmemorytest command The error code value is for internal use only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch timestamp CRITICAL DIAG CMBISRF 1 test name pass...

Page 85: ...CAL DIAG CMERRTYPE Message Probable Cause The port got the wrong CMEM error type This usually indicates an ASIC failure This message is generated by the centralmemorytest command The error code value is for internal use only timestamp CRITICAL DIAG CMERRPTN 1 test name pass number Pt source port info Pt destination port info Offs offset value err str detected at wrong port Checking Pt check pt is ...

Page 86: ...ndicates an ASIC or motherboard failure This message is generated by the cmitest command The error code value is for internal use only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL timestamp CRITICAL DIAG CMICKSUM 1 test name pass number Pt source port info Pt destination port info Pt src dst pt Failed g...

Page 87: ...ble Cause The ASIC unintentionally got a CMI capture flag This usually indicates an ASIC or motherboard failure This message is generated by the cmitest command The error code value is for internal use only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL timestamp CRITICAL DIAG CMIDATA 1 test name pass num...

Page 88: ...Probable Cause An attempt to send a CMI message from one ASIC to another failed This usually indicates an ASIC failure This message is generated by the cmitest command The error code value is for internal use only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL timestamp CRITICAL DIAG CMINOCAP 1 test name ...

Page 89: ...n be caused by a faulty cable or deteriorated SFP It can also indicate more serious problems in the motherboard or ASIC This message is generated by the crossporttest or portloopbacktest command The error code value is for internal use only Recommended Action Check for a faulty cable or deteriorated SFP Replace the cable or SFP if necessary If the problem persists For the SAN Switch 2 16 replace t...

Page 90: ...ore serious problems in the motherboard or ASIC This message is generated by the portloopbacktest or spinsilk command The error code value is for internal use only Recommended Action Check for a faulty cable or deteriorated SFP Replace the cable or SFP if necessary If the problem persists For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severi...

Page 91: ...sts For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL DIAG ERRSTAT BADORD Message Probable Cause The Port Error Statistics counter is nonzero which means that a Bad symbol on fiber optic cable error was detected when receiving frames This can be caused by a faulty cable or deteriorated SFP It can also indicate more serious pro...

Page 92: ...e failed error was detected when receiving frames This can be caused by a faulty cable or deteriorated SFP It can also indicate more serious problems in the motherboard or ASIC This message is generated by the portloopbacktest or spinsilk command The error code value is for internal use only Recommended Action Check for a faulty cable or deteriorated SFP Replace the cable or SFP if necessary If th...

Page 93: ...em persists For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL DIAG ERRSTAT ENCIN Message Probable Cause The Port Error Statistics counter is nonzero which means that an Encoding error inside frame error was detected when receiving frames This can be caused by a faulty cable or deteriorated SFP It can also indicate more serious...

Page 94: ...ame error was detected when receiving frames This can be caused by a faulty cable or deteriorated SFP It can also indicate more serious problems in the motherboard or ASIC This message is generated by the portloopbacktest or spinsilk command The error code value is for internal use only Recommended Action Check for a faulty cable or deteriorated SFP Replace the cable or SFP if necessary If the pro...

Page 95: ...FP if necessary If the problem persists For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL DIAG INIT Message Probable Cause The port failed to go active in the loopback mode requested This can be caused by a faulty cable or deteriorated SFP It can also indicate more serious problems in the motherboard or ASIC This message is ge...

Page 96: ...t a CMI error interrupt This usually indicates an ASIC failure This message is generated by the cmitest command The error code value is for internal use only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL DIAG INTNOTCLR Message timestamp CRITICAL DIAG INTNIL 1 test name pass number Pt port information Fai...

Page 97: ... Probable Cause The data read from the central memory location did not match data previously written into the same location This usually indicates an ASIC failure This message is generated by the centralmemorytest and cmemretentiontest commands The error code value is for internal use only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the ...

Page 98: ...central memory read short occurred that is a number of bytes were requested but not received This usually indicates an ASIC failure This message is generated by the centralmemorytest and cmemretentiontest commands The error code value is for internal use only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch timestamp CRITICA...

Page 99: ...e only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL DIAG MEMNULL Message Probable Cause The ASIC failed to allocate memory This usually indicates a motherboard failure This message is generated by the ramtest command The error code value is for internal use only timestamp CRITICAL DIAG LCMTO 1 test name...

Page 100: ...ocation did not match previously written data into the same location This usually indicates a CPU RAM failure This message is generated by the ramtest command The error code value is for internal use only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL timestamp CRITICAL DIAG MEMORY 1 test name Memory Erro...

Page 101: ...DIAG NOSEGMENT Message Probable Cause The port failed to go into loopback mode This message usually indicates improper cable connections This message is generated by the spinsilk command The error code value is for internal use only Recommended Action Verify cable connections Reseat the SFPs and cables and then reexecute the test Check for a faulty cable or deteriorated SFP Replace the cable or SF...

Page 102: ...sists For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL DIAG PORTDIED Message Probable Cause The port was in loopback mode and then went inactive This can be caused by a faulty cable or deteriorated SFP It can also indicate more serious problems in the motherboard or ASIC This message is generated by the crossporttest portloop...

Page 103: ...tself self loopback This port M to port M connection is not allowed by the test This message usually indicates improper cable connections This message is generated by the spinsilk command The error code value is for internal use only Recommended Action Reconnect port M to a different port N and reexecute the test Severity CRITICAL DIAG PORTSTOPPED Message timestamp CRITICAL DIAG PORTM2M 1 test nam...

Page 104: ...e the cable or SFP if necessary If the problem persists For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL DIAG PORTWRONG Message Probable Cause The frame was erroneously received by port M instead of the intended port N This usually indicates an ASIC failure This message is generated by the portloopbacktest command The error c...

Page 105: ... the same location This usually indicates an ASIC failure This message is generated by the portregtest or the sramretentiontest command The error code value is for internal use only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL timestamp WARNING DIAG POST_SKIPPED 4 Skipped POST tests assuming all ports a...

Page 106: ...er of Class 3 frames received This can be caused by a faulty cable or deteriorated SFP It can also indicate more serious problems in the motherboard or ASIC This message is generated by the portloopbacktest command The error code value is for internal use only Recommended Action Check for a faulty cable or deteriorated SFP Replace the cable or SFP if necessary If the problem persists For the SAN S...

Page 107: ... indicate more serious problems in the motherboard or ASIC This message is generated by the portloopbacktest command The error code value is for internal use only Recommended Action Check for a faulty cable or deteriorated SFP Replace the cable or SFP if necessary If the problem persists For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severit...

Page 108: ...P if necessary If the problem persists For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL DIAG TBRAM_DEC_RWTEST Message Probable Cause The ASIC internal registers failed the read modify write operation This usually indicates an ASIC failure This message is generated by the turboramtest command The error code value is for intern...

Page 109: ...write operation This usually indicates an ASIC failure This message is generated by the turboramtest command The error code value is for internal use only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL timestamp CRITICAL DIAG TBRAM_INC_RWTEST 1 test name pass number Pt port info Failed TurboRAM inc r w te...

Page 110: ... DIAG TIMEOUT Message Probable Cause For portloopbacktest and crossporttest Port failed to receive frame within timeout period For centralmemorytest Port failed to detect an interrupt within the timeout period This can be caused by a faulty cable or deteriorated SFP It can also indicate more serious problems in the motherboard or ASIC The error code value is for internal use only timestamp CRITICA...

Page 111: ...everity CRITICAL DIAG XMIT Message Probable Cause The port failed to transmit a frame This usually indicates an ASIC failure This message is generated by the camtest portloopbacktest and spinsilk commands The error code value is for internal use only Recommended Action For the SAN Switch 2 16 replace the motherboard FRU For the SAN Switch 2 8 EL replace the entire switch Severity CRITICAL timestam...

Page 112: ...er failover the newly active fabric reboots as a subordinate but there is no upstream fabric HA bad EFP resp Received an invalid EFP response HA RJT EFP resp Received an EFP reject response in which this EFP was used for verifying the neighbor s domain list as part of fabric warm start recovery A reject occurs if the neighbor is reconfiguring or the neighbor s port is in a bad state HA DLST EFP re...

Page 113: ...REQUEST_FAIL Message Probable Cause The management server MS received an invalid common transport CT response from switch domain MS expects either a CT accept IU or a reject IU the management server received neither response which violates the Fibre Channel Generic Services FS GS specification Recommended Action Check the integrity of the FC switch at the specified domain It is not sending correct...

Page 114: ...count was created Recommended Action No action is required Severity INFO SEC ACCT Changed Message Probable Cause The specified account has changed Recommended Action No action is required Severity INFO timestamp INFO SEC ACCT 4 message Added account user name with role name authorization timestamp INFO SEC ACCT 4 message Changed account user name ...

Page 115: ...t was deleted Recommended Action No action is required Severity INFO SEC ACCT Recovered Message Probable Cause The specified number of accounts were recovered from backup Recommended Action No action is required Severity INFO timestamp INFO SEC ACCT 4 message Deleted account user name timestamp INFO SEC ACCT 4 message Recovered number of accounts ...

Page 116: ...verity ERROR SEC PIDCHGERR PID Change failed Change Area failed Message Probable Cause Either the defined or active policy could not be updated If the policy database is very large it might not be able to change the area because the new policy database exceeds the maximum size This message can also be caused when the switch is short of memory The status values can be defined active or both A negat...

Page 117: ...IDCHGERR Change failed Can t get sec_db Message Probable Cause The switch security daemon is busy The status values can be defined active or both A negative value means that a policy set was failed by the daemon Recommended Action For the first reject wait a few minutes and then resubmit the transaction Fabric wide commands might take a few minutes to propagate throughout the fabric Make sure to l...

Page 118: ...reliable mechanism to transfer data from one switch to the other switches within the fabric This mechanism guarantees that either all switches commit to the new database or none of them update to the new database This process can fail if one switch in the fabric is busy or in an error state that can not accept the database Recommended Action RCS is used when the security database is changed by a c...

Page 119: ...amp was reset secfcsfailover The primary FCS has failed over to a new switch All password changes A B C account passwords were changed A B C are account names for which passwords are changed configdownload A configdownload was executed that changed the security policy database secpolicysave A change to the security policy database was saved SNMP community string change The admin has made a change ...

Page 120: ...tabase might not be correctly updated for that specific switch The error might also be a result of an internal corruption or a hacker attack to the secure fabric Severity WARNING SEC SECDLFAIL Message Probable Cause The specified domain number failed to download security data after the specified number of attempts The primary switch segments the failed switch after 30 tries The failed switch might...

Page 121: ...d that caused the message Severity INFO SEC SECINFORM Message Probable Cause The primary FCS received a data request from the specified domain For example if the switch fails to update the database or is attacked data injection a message is generated to the primary FCS to try to correct and resync with the rest of the switches in the fabric Recommended Action Check the fabric status using secfabri...

Page 122: ...ECVIOL_API Message Probable Cause An API security violation was reported The specified unauthorized host attempted to establish an API connection Recommended Action Check to see if the host IP address specified in the message can be used to manage the fabric through an API connection If so add the host IP address to the API policy of the fabric If not this is an unauthorized access take the approp...

Page 123: ...ity INFO SEC SECVIOL_TELNET Message Probable Cause A telnet security violation was reported The specified unauthorized host attempted to establish a telnet connection Recommended Action Check to see if the host IP address specified in the message can be used to manage the fabric through a telnet connection If so add the host IP address to the telnet policy of the fabric If not this is an unauthori...

Page 124: ...d in the policy add it to the policy If the device is not allowed this is a valid violation message and an unauthorized entity is trying to gain access to your fabric take appropriate action as defined by your enterprise security policy Severity INFO SEC SECVIOL_LOGIN Message Probable Cause A login security violation was reported An incorrect password was used while trying to log in through a cons...

Page 125: ...e security policy Severity INFO SEC SECVIOL_MSfwrd Message Probable Cause An MS forward security violation was reported A management server command was forwarded from a nonprimary FCS switch Recommended Action Check the management server policy and verify that the connection is allowed If the connection is allowed but not specified enable the connection in MS policy If the MS policy does not allow...

Page 126: ...Message Probable Cause An SNMP security violation was reported The specified unauthorized host attempted to perform a read SNMP operation RSNMP Recommended Action Check RSNMP policy to verify that hosts allowed access to the fabric through SNMP read operations are included in the RSNMP policy If the host is allowed access to the fabric but is not included in the RSNMP policy add the host to the po...

Page 127: ...he switch is not allowed in the fabric this is a valid violation message and an unauthorized entity is trying to access the fabric Take appropriate action as defined by your enterprise security policy Severity INFO SEC SECVIOL_SERIAL Message Probable Cause A serial connection policy security violation was reported An attempt was made to access the serial console when it is disabled Recommended Act...

Page 128: ...hosts are allowed access to the fabric through SNMP If the host is allowed access to the fabric but is not included in the policy add the host to the policy If the host is not allowed access to the fabric this is a valid violation message and an unauthorized entity is trying to access your fabric Take appropriate action as defined by your enterprise security policy Severity INFO timestamp INFO SEC...

Page 129: ...nitialization sequence This mode is used to initiate long distance connections When configuring a long distance connection the first port configured does not require this mode When configuring the second port of a connection use this mode to initiate communication between the ports With this text Specify 1 to activate the long distance link initialization sequence for all ports including the first...

Page 130: ...Extended fabric user guide 130 Fabric OS 3 x Document Addendum ...

Page 131: ...hile it is enabled it segments with a domain overlap message Add the following new chapter after Chapter 2 Configuring Standard Security Features This chapter provides information and procedures for standard Fabric OS security features Standard Fabric OS security features include account and password management Additional security is available when secure mode is enabled For information about lice...

Page 132: ...3 2 x and later supports SSH protocol v2 0 ssh2 For more information on SSH see the SSH IETF web site http www ietf org ids by wg secsh html Fabric OS v3 2 x comes with the SSH server preinstalled however you must select and install the SSH client For information on installing and configuring the F Secure SSH client see the web site http www f secure com Accessing Switches and Fabrics You can disa...

Page 133: ...For large enterprises Fabric OS also supports RADIUS services as described in Setting Up RADIUS AAA Service The following procedures are for operations you can perform on user defined accounts Note If you are operating in secure mode you can perform these operations only on the primary FCS switch To display account information Note Accounts with the admin role can display information about all acc...

Page 134: ...unt Passwords can be from 8 to 40 characters long They are case sensitive and they are not displayed when you enter them on the command line To delete a user defined account Note Accounts with the admin role can delete user defined accounts on the logical switch Accounts with the user role cannot 1 Connect to the switch and log in as admin where name Specifies the account name which must begin wit...

Page 135: ...s can recover accounts The attributes in the backup database replace the attributes in the current account database An event is stored in the system message log indicating that accounts were recovered where username Changes the account attribute for username The account must already exist on the switch r rolename Is an option that changes the role either admin or user in nonsecure mode admin user ...

Page 136: ...t change default account names To change the password for the current login account 1 Connect to the switch and log in as either admin or user 2 Enter the following command passwd 3 Enter the requested information at the prompts To change the password for a different account 1 Connect to the switch and log in as admin 2 Enter the following command passwd name 3 Enter the requested information at t...

Page 137: ...unning v4 4 0 v3 2 x or earlier the way a switch authenticates users depends on whether a RADIUS server is set up for that switch For a switch with RADIUS support and configuration authentication bypasses the local password database For a switch without RADIUS support or configuration authentication uses switch local account names and passwords Secure Fabric OS In secure mode the following items a...

Page 138: ...ds can be centralized on the RADIUS server The login account name assigned role and password are stored on the RADIUS server for each user Setting Up the RADIUS Server You must know the switch IP address or name to connect to switches Use the ipaddrshow command to display a switch IP address User accounts should be set up by their true network wide identity rather than by the account names created...

Page 139: ...res to set up a Windows group of login names assigned to the user role and another Windows group of login names assigned to the admin role 3 Right click the Remote Access Policies icon folder and select New Remote Access Policy 4 In the New Remote Access Policy Wizard window click Next 5 In the Set Up a Custom Policy window Select the Custom policy radio button Enter a policy name for the user rol...

Page 140: ... Attribute 20 In the Configure VSA RFC Compliant window enter the following information in the spaces provided Vendor Assigned Attribute Number 1 Attribute Format string Attribute Value user 21 Click OK 22 Click OK or Close in each window until you reach the New Remote Access Policy Wizard 23 Click Next 24 Click Finish 25 Repeat the procedure to set the admin remote access policy with the followin...

Page 141: ...cret is Secret Make sure that the shared secret matches that configured on the switch see Adding a RADIUS Server 7 Save client config 8 Open the user file in a text editor and add user names and roles for users who will be accessing the switch For example to set up an account called JohnDoe with the admin role 9 Save the user file 10 Enter the following command to start the RADIUS server usr local...

Page 142: ...n error message When the command succeeds an event is sent to the event log indicating that the configuration is enabled or disabled Position The order in which servers are contacted to provide service Server The server names or IP addresses Port The server ports Secret The shared secrets Timeouts The length of time servers have to respond before the next server is contacted Authentication The typ...

Page 143: ...r listed either by name or IP address Enter either the name or IP address of the server to be removed all Is a keyword that removes all servers If RADIUS service is enabled this removes all but the server in the first position If RADIUS service is disabled all servers are removed where server Is a server listed either by name or IP address Enter either the name or IP address of the server to be ch...

Page 144: ...ired RADIUS authentication configuration When the command succeeds it triggers an event log indicating that local database authentication is disabled or enabled Configuring for SNMP You can configure SNMP agents Fabric OS v3 2 x supports SNMPv1 The configuration process involves configuring the SNMP agents MIBs and traps The following commands are used in the process Use the configure command to e...

Page 145: ...configuration Community 1 Secret C0de rw Trap recipient 192 168 1 51 Trap recipient Severity level 4 Community 2 OrigEquipMfr rw Trap recipient 192 168 1 26 Trap recipient Severity level 0 Community 3 private rw No trap recipient configured yet Community 4 public ro No trap recipient configured yet Community 5 common ro No trap recipient configured yet Community 6 FibreChannel ro No trap recipient...

Page 146: ...gEquipMfr Trap Recipient s IP address in dot notation 192 168 1 26 Trap recipient Severity level 0 5 0 Community rw private Trap Recipient s IP address in dot notation 0 0 0 0 192 168 64 88 Trap recipient Severity level 0 5 0 1 Community ro public Trap Recipient s IP address in dot notation 0 0 0 0 Community ro common Trap Recipient s IP address in dot notation 0 0 0 0 Community ro FibreChannel Tr...

Page 147: ... FibreChannel ro No trap recipient configured yet SNMP access list configuration Entry 0 Access host subnet area 192 168 64 0 rw Entry 1 No access host configured yet Entry 2 No access host configured yet Entry 3 No access host configured yet Entry 4 No access host configured yet Entry 5 No access host configured yet Are you sure yes y no n no Committing configuration done agent configuration rese...

Page 148: ...ntDescr the description of the event connUnitSensorStatusChange indicates that the status of the sensor associated with the connectivity unit has changed connUnitSensorStatus the status indicated by the sensor connUnitPortStatusChange indicates that the status of the sensor associated with the connectivity unit has changed connUnitPortStatus shows overall protocol status for the port connUnitPortS...

Page 149: ...w command as in the following example switch admin snmpmibcapshow FE MIB YES SW MIB YES FA MIB YES SW TRAP YES swFCPortScn NO swEventTrap NO swFabricWatchTrap NO swTrackChangesTrap NO FA TRAP YES connUnitStatusChange NO connUnitEventTrap NO connUnitSensorStatusChange NO connUnitPortStatusChange NO SW EXTTRAP NO switch admin ...

Page 150: ...Fabric OS procedures user guide 150 Fabric OS 3 x Document Addendum ...

Page 151: ...rsion 3 1 x 4 1 x User Guide With this text ISL Trunking is supported for normal E_Ports referred to as L0 in the portcfglongdistance command with LWL media up to 5 km at the full speed permitted by the link With LWL media the throughput begins to fall off beyond 5 km due to normal latency effects HP ISL Trunking for Fabric OS v3 2 supports LE L0 5 L1 and LD modes if the LD cable lengths are withi...

Page 152: ...nk group should be configured to be the same Extended Fabrics distance for example LD LD L0 5 L0 5 or L1 L1 As the distance increases more buffer credits are needed and fewer ports can form a trunk group SAN Switch 2 8 EL and SAN Switch 2 16 ASICs limit buffer allocation to 63 maximum per port so long distance trunks can be established only up to this buffer limit Long Distance Trunking Summary Th...

Page 153: ... Fabric OS v3 2 x aaaconfig new for v3 2 x agtcfgshow authutil configdownload configure fabretryshow fabricshow fabstatsshow fwportdetailshow new for v3 2 x fwset new for v3 2 x fwshow pathinfo passwd perfmonitorclear new for v3 2 x perfmonitorshow new for v3 2 x perfshoweemonitor portcfggport portcfgislmode portcfglongdistance portcfglport portshow quietmode secauthsecret new for v3 2 x secmodeen...

Page 154: ...ide 154 Fabric OS 3 x Document Addendum snmpmibcapshow switchshow switchstatusshow tempshow userconfig new for v3 2 x zonecreate zoneobjectcopy new for v3 2 x zoneobjectexpunge new for v3 2 x zoneobjectrename new for v3 2 x ...

Page 155: ...IP Adds a new RADIUS server The minimum required field is the IP address of the server All other fields use defaults port to 1812 timeout to 3 seconds and protocol to CHAP The server is added to the end of the list No more than five RADIUS servers can be configured remove server_IP Deletes the specified RADIUS server if it exists change server_IP p port s secret t timeout chap pap Changes the spec...

Page 156: ... if all of the RADIUS servers are inaccessible users are authenticated from the switch database If the user is not defined in the switch database login fails For the default accounts like root factory admin and user the login is always from the switch database switch admin aaaConfig Usage aaaConfig show display current AAA service configuration add server options add a RADIUS server to configurati...

Page 157: ...el Switch sysLocation The location of the system switch in MIB II definition The default value is End User Premise sysContact The contact information for this system switch The default value is Field Support swEventTrapLevel The event trap level with the event s severity level When an event occurs if its severity level is at or below the set value the SNMP trap and swEventTrap is sent to configure...

Page 158: ...curity policies Operands None Example To display the SNMP agent configuration switch admin agtcfgShow Current SNMP Agent Configuration Customizable MIB II system variables sysDescr FC Switch sysLocation End User Premise sysContact Field Support swEventTrapLevel 3 authTrapsEnabled true SNMPv1 community and trap recipient configuration Community 1 Secret Code rw Trap recipient 192 168 1 51 Community...

Page 159: ...otocol that is set using this command When no protocol is set the default setting is all for example fcap dhchap is used When no group is set the default setting of for example 0 1 2 3 4 is used The new configuration is effective with the next authentication request Use the show option to display the current authentication configuration of the switch Use the portshow command to display the authent...

Page 160: ...u can still select DH CHAP g value which sets Diffie Hellman group DH group Values 0 through 4 and are valid DH group 0 is called NULL DH Each DH group specifies a key size and associated parameters implicitly A higher group value provides stronger cryptography and a higher level of security with the authentication protocol When the DH group is set to a specified value only that DH group is enable...

Page 161: ...e 514 Both of these services are widely available on UNIX hosts but less so on Windows hosts On Windows NT the FTP server might have to be installed from the distribution media and enabled on Windows NT or Windows 9x there are several good freeware and shareware FTP servers available To use RSHD on Windows NT or 9x two utilities are supplied RSHD EXE and CAT EXE together with instructions on how t...

Page 162: ...apply Both defined security policies and active security policies sections must exist and contain the FCS_POLICY In the defined security policies section at least one member of the FCS_POLICY must be the same as a member in the previous FCS_POLICY In the active security policies section the FCS_POLICY must be exactly the same as the previous FCS_POLICY order of members must be maintained If either...

Page 163: ...iately before the zoning lines start at the line Zoning If the configuration file contains keyword enable followed by a zoning configuration that zoning configuration is enabled in the fabric If there is no enable keyword in the configuration file or no zoning configuration by that name exists or if enable fails for any reason such as dangling aliases The effective configuration remains what it wa...

Page 164: ...able the system using the switchdisable command The configure command is navigated by entering a series of hierarchical menus Each top level menu and its associated submenus consists of a text prompt a list of acceptable values if appropriate and a default value shown in brackets The default value is used with the carriage return which is a special input case see Special Inputs on page 172 Switch ...

Page 165: ...nd waits for the next error condition E_D_TOV The error detect timeout value E_D_TOV is displayed in milliseconds This timer is used to flag a potential error condition when an expected response is not received an acknowledgment or reply in response to packet receipt for example within the set time limit If the time for an expected response exceeds the set value an error condition is met Table 13 ...

Page 166: ...reased performance Sequence Level Switching When this feature is set to 1 frames of the same sequence from a particular source are transmitted as a group When set to 0 frames are transmitted interleaved among multiple sequences Under normal conditions sequence level switching should be disabled for better performance However some host adapters have performance issues when receiving interleaved fra...

Page 167: ... and new switches to avoid rebooting host systems when static PID binded is used If VC encoded address mode is not set the default setting is 1 Note The configdefault command does not change switch PID format Per Frame Route Priority In addition to the eight virtual channels used in frame routing priority support also is available for per frame based prioritization when this value it set When set ...

Page 168: ...encoded address mode is set VC Class 2 Specifies the virtual channel used for Class 2 frame traffic This setting is configurable only when VC encoded address mode is set VC Class 3 Specifies the virtual channel used for Class 3 frame traffic This setting is configurable only when VC encoded address mode is set VC Multicast Specifies the virtual channel used for multicast frame traffic This setting...

Page 169: ... is sent to the end device for a switch IP address change or a name change 1 Enabled Domain RSCN is sent to the end device for a switch IP address change or a name change Arbitrated Loop Settings Table 17 defines settings affecting Fibre Channel arbitrated loops that can be changed Each field is described after the table Table 15 Zoning Operation Parameter Field Type Default Range Disable Nodename...

Page 170: ...nd there is a known Open Deadlock defect which has become part of legacy code Preferred default is 4 See Table 18 for possible values Each field is described after the table Do Not Allow AL_PA 0x00 Some loop devices do not operate well with AL_PA 0 on the same loop This option provides a workaround for such devices By default the switch can use a phantom AL_PA 0 for an embedded port in a QuickLoop...

Page 171: ...tem The information returned includes the user login name the system name the login protocol or type login time idle time and remote login location if applicable The retrieval of this information is supported by a number of operating systems that support RPC On most UNIX based systems HP UX Irix Linux Solaris and so forth the command to retrieve the information is rusers Refer to your local system...

Page 172: ... entered alone at a prompt without any preceding input the command accepts the default value if applicable and moves to the next prompt Interrupt Aborts the command immediately and ignores all changes made End of file When entered alone at a prompt without any preceding input terminates the command and saves any changes Table 20 Configure Application Attributes Application Field Type Default Range...

Page 173: ...Priority 2 2 3 2 VC Priority 3 2 3 2 VC Priority 4 2 3 2 VC Priority 5 2 3 2 VC Priority 6 2 3 3 VC Priority 7 2 3 3 Zoning Operation parameters yes y no n no y Disable NodeName Zone Checking 0 1 0 RSCN Transmission Mode yes y no n no y End device RSCN Transmission Mode 0 RSCN with single PID 1 RSCN with multiple PIDs 2 Fabric RSCN 0 2 1 Domain RSCN To End device for switch IP address or name chan...

Page 174: ...f on stats port status or statistics on off on scn a state change notification on off on pstate a port changes physical state on off on reject a received frame is rejected on off on busy a received frame is busied on off on ctin a CT based request is received on off on ctout a CT based response is transmitted on off on errlog a message is added to the error log on off on loopscn a loop state chang...

Page 175: ...e of output displays SW_ISL the ISL ports The subsequent lines display the retry count for the following fabric commands Operands None fabretryshow ELP Exchange link parameters EFP Exchange fabric parameters DIA Domain identifier assigned RDI Request domain identifier BF Build fabric RSCN Remote state change notification FWD Fabric controller forward EMT Fabric controller mark timestamp ETP Exchan...

Page 176: ...e this command to display information about switches and multicast alias groups in the fabric Multicast alias groups are created only on demand by requests from N_Ports attached to the alias server so typically no groups are listed switch user fabretryshow E_Ports SW_ILS 0 1 2 3 4 5 6 7 ELP 0 0 0 0 0 0 0 0 EMT 0 0 0 0 0 0 0 0 ETP 0 0 0 0 0 0 0 0 EFP 0 0 0 0 0 0 0 0 DIA 0 0 0 0 0 0 0 0 RDI 0 0 0 0 ...

Page 177: ...The switch s Domain_ID and embedded port D_ID World Wide Name The switch s World Wide Name Enet IP Addr The switch s FC IP address FC IP Addr The switch s FC IP address Name The switch s symbolic name indicates the principal switch Group ID The alias group number and D_ID Token The alias group token assigned by the N_Port switch admin fabricShow Switch ID Worldwide Name Enet IP Addr FC IP Addr Nam...

Page 178: ... statistics information for the fabric The following information is displayed Number of times a switch domain ID was forcibly changed Number of E_Port offline transitions Number of fabric reconfigurations Number of fabric segmentations due to Loopback Incompatibility Overlap Platform DB Sec Incompatibility Security Violation ECP Error Duplicate WWN E_Port Isolated Operands None fabstatsshow ...

Page 179: ...r of sync loss occurrences exceeded limit for time period PER Number of protocol errors exceeded limit for time period INW Number of invalid words exceeded limit for time period CRC Number of invalid CRC errors exceeded limit for time period PSC Port hardware state changed too often switch user fabstatsshow Description Count Port Time Domain ID forcibly changed 0 E_Port offline transitions 47 5 Re...

Page 180: ...owing operands are supported Example To display the port information for specified ports p portNumber Yields a port detail report for a specific port s portState Yields a port detail report for the specified portState Valid portState entries are h Report based on all healthy ports m Report based on all marginal ports f Report based on all faulty ports o Report based on all offline ports vxTarget a...

Page 181: ...turn off console logging fwset message mlevel Sets a filter for the messages sent to the console Messages must be of the set severity level or higher in order to be output to the console The value 1 turns off all output to the console Valid mlevel values are 1 turn off console logging 0 only panic messages to console 1 critical and above messages to console 2 error and above messages to console 3 ...

Page 182: ... Examples To display the thresholds monitored by Fabric Watch switch admin fwSet port persistence 18 fwshow port persistence Currently port has only one action which is persistence This is the time that a port must be persistently in a state before being marked as such message Displays the severity levels of the messages being sent to the console switch admin fwShow Name Label Last value envTemp00...

Page 183: ...perature 1 Monitored for 1283 21 mins Last checked 10 50 21 on 02 01 2000 Lower bound 0 C Upper bound 75 C Buffer Size 10 Value history 33 C Disabled No Locked No switch admin fwShow envTemp Name Label Last value envTemp001 Env Temperature 1 31 C envTemp002 Env Temperature 2 35 C envTemp003 Env Temperature 3 37 C envTemp004 Env Temperature 4 37 C envTemp005 Env Temperature 5 37 C switch admin fwSh...

Page 184: ... representation in the switchshow command In addition pathinfo can provide upon request statistics on every traversed ISL Routing and statistics information is provided by every switch along the path based on the current routing tables and statistics calculated continuously in realtime Each switch represents one hop Other options allow the collection of information on the reverse path or on a user...

Page 185: ...s in the reverse path if tracing of the reverse path is requested The default value for the maximum hop count is 25 Basic statistics Basic statistics report variables that give an indication of ISL congestion along the path They consist of the following Extended statistics Extended statistics report variables are Reverse path The path from port A on switch X to port B on switch Y might be differen...

Page 186: ...wo switches are specified back to back in the source route descriptor but are not directly connected the switches in between are ignored In case of a loose source route the switches in between are reported The concepts of strict and loose route apply to the portions of the path described by domains not to the part described by output ports or areas Operands The following operands are allowed Witho...

Page 187: ...no extended stats Requests the reporting of extended statistics on every link default is no trace reverse path Provides path information from the destination port to the source port default is no source route Specifies a sequence of switches or ports that the pathinfo frame should hop Note that if an output port or area to the next hop is specified the user is not prompted for the domain of the ne...

Page 188: ... yes y no n no y Extended stats yes y no n no y Trace reverse path yes y no n no Source route yes y no n no Timeout 1 30 5 Target port is Embedded Hop In Port Domain ID Name Out Port BW Cost 0 E 9 web226 2 1G 1000 Port E 2 Tx Rx Tx Rx B s 1s 0 0 B s 64s 1 1 Txcrdz 1s 0 Txcrdz 64s 0 F s 1s 0 0 F s 64s 2743 0 Words 2752748 2822763 Frames 219849 50881 Errors 0 Hop In Port Domain ID Name Out Port BW C...

Page 189: ... B s 1s 36 76 0 0 B s 64s 5 5 5 5 Txcrdz 1s 0 0 Txcrdz 64s 0 0 F s 1s 1 1 0 0 F s 64s 0 0 0 0 Words 240434036 2294316 2119951 2121767 Frames 20025929 54999 162338 56710 Errors 4 0 Hop In Port Domain ID Name Out Port BW Cost 2 14 8 web228 E Port 14 E Tx Rx Tx Rx B s 1s 0 0 B s 64s 5 5 Txcrdz 1s 0 Txcrdz 64s 0 F s 1s 0 0 F s 64s 0 0 Words 20158695 1021842 Frames 1665662 56849 Errors 4 passwd ...

Page 190: ...ed if the password of the user account is changed The command is disabled until the user has changed all login passwords from the manufacturer s defaults or the switch was in secure mode before If a user is authenticated by RADIUS and invokes this command the password of the account to which the user s role is mapped is changed For example if user Bob s login role is mapped to admin when Bob execu...

Page 191: ... a valid recognized user name on the system Permission denied The current user does not have permission to change the user name or password for the specified user Incorrect password The user has not entered the correct password when prompted for the old password Password unchanged The user has entered the carriage return special input case skipping the entire password change process Number of fail...

Page 192: ... been cleared Issuing the portstatsclear command on a port also results in all monitors being cleared for all the ports in the same quad Operands This command has the following operands Examples To clear statistics counters for an end to end monitor To clear statistics counters for a filter based monitor perfmonitorclear monitor_class The monitor class which can be one of EE end to end FLT filter ...

Page 193: ...rval basis for all the valid monitors on the port in the units of bytes For filter based monitors when an interval is not specified or 0 is specified the command displays only the 64 bit frame in hexadecimal When a nonzero interval is specified for each monitor on the port a rolling table of cumulative frame counts is displayed in decimal for each monitor For ISL monitors the command displays the ...

Page 194: ... 0x0000000000000000 0x000000000025ad4f 0x0000000000000000 1 0xb1200 0xb22ef TELNET N A 0x0000000000000000 0x000000000025ad4f 0x0000000000000000 switch admin perfMonitorShow EE 3 1 Showing EE monitors 3 1 Tx Rx are of bytes and crc is of crc errors 0 1 crc Tx Rx crc Tx Rx 0 0 1 2k 0 0 1 2k 0 0 272 0 0 272 0 0 136 0 0 136 0 0 272 0 0 272 0 0 272 0 0 272 0 0 204 0 0 204 0 0 204 0 0 204 0 0 136 0 0 13...

Page 195: ... this ISL See Also perfaddeemonitor perfaddusermonitor switch admin perfMonitorShow FLT 4 1 Showing filter monitors 4 1 0 1 Frames CMDs 0 0 0 0 0 10 20k 0 0 0 switch admin perfmonitorshow ISL 7 Total transmit count for this ISL 21748 g 780204495 Number of destination domains monitored 16 Number of ports in this ISL 1 Domain 84 0 Domain 88 0 Domain 89 0 Domain 90 0 Domain 91 0 Domain 92 0 Domain 95...

Page 196: ... a per interval basis for all the valid monitors on the port in the units of bytes End to end monitor monitors the traffic on receiving port See perfaddeemonitor for more details on how to specify a monitor you want Operands This command has the following operands Examples To display EE monitors on port 3 perfshoweemonitor port Specify the port number where you want to display the end to end monit...

Page 197: ...a G_Port The switch then attempts to initialize that port as only a G_Port The switch never attempts loop L_Port initialization on the port The configuration is saved in nonvolatile memory and is persistent across a switch reboot or power cycle switch admin perfShowEEMonitor 3 1 Showing EE Monitors 3 1 Tx Rx are of bytes and crc is of crc errors 0 1 crc Tx Rx crc Tx Rx 0 0 1 2k 0 0 1 2k 0 0 272 0 ...

Page 198: ...abled or disabled When enabling ISL R_RDY mode and when the neighboring switch is of the same brand the PID format between the switches must be the same Note The portcfgislmode and portcfglongdistance modes cannot both be enabled at the same time otherwise the fabric segments port_number The port number to be configured 0 through 7 or 0 through 15 mode A value of 1 means port_number is designated ...

Page 199: ... Description Use this command to allocate enough full size frame buffers on a particular port to support a long distance link up to 100 km The port can be used as either an Fx_Port or an E_Port The configuration is saved in nonvolatile memory and is persistent across switch reboots or power cycles When this command is invoked without user supplied operands the operands are assigned default values ...

Page 200: ...nnot both be enabled at the same time otherwise the fabric segments Operands The following operand is required The following operands are optional L0 Reconfigure the port to be a regular switch port The number of buffers reserved for the port supports up to 10 km links at 1 Gbit sec LE Level E mode is for E_Ports for distances beyond 5 km and up to 10 km The number of buffers reserved for the port...

Page 201: ... fabric mode for instance the long distance fabric mode bit must be set to be 1 Otherwise the fabric segments In fact you cannot configure a long distance port in a switch unless the long distance fabric mode is on for that switch For the same reason when all ports are reconfigured to non long distance ports you must reconfigure the long distance fabric mode for that switch This restriction does n...

Page 202: ...st be the second parameter Without any operand the command reports a list of ports and their current settings If the port under configuration is a QuickLoop port all three modes are required when using portcfglport to configure this loop port to be half duplex for example portcfglport port_number mode mode1 mode2 portcfglport port_number The port number to be configured 0 through 7 or 0 through 15...

Page 203: ...hshow Displays port status Syntax portshow port_number Availability All users sw5 admin portCfgLport 3 0 1 1 Committing configuration done sw5 admin portCfgLport Ports 0 1 2 3 4 5 6 7 Lock Private YES Loop HD YES Fairness sw5 admin portCfgLport 5 0 0 2 Committing configuration done sw5 admin portCfgLport Ports 0 1 2 3 4 5 6 7 Lock Private YES Loop HD YES Fairness YES portshow ...

Page 204: ...ne DHCHAP DH CHAP authentication was done Also displays DH group and hash used for authentication portFlags A bit map of port status flags portType The port s type and revision numbers portState The port s SNMP state Online Up and running Offline Not online portPhys gives details Testing Running diagnostics Faulty Failed diagnostics portPhys The port s physical state No_Card No interface card pres...

Page 205: ...t are not counted elsewhere Lli Low level interface physical state primitive seqs Proc_rqrd Frames delivered for embedded N_Port processing Timed_out Frames that have timed out Rx_flushed Frames requiring translation Tx_unavail Frames returned from an unavailable transmitter Free_buffer Free buffer available interrupts Overrun Buffer overrun interrupts Suspended Transmission suspended interrupts P...

Page 206: ...ort enters a loss of signal state Protocol_err Number of occurrences of the link failure condition in which either an LR or LRR primitive sequence was received while in OL3 wait for OLS state Invalid_word Number of encoding disparity errors inside of frames Invalid_crc Number of CRC errors Delim_err Number of SOF or EOF errors Address_err Number of IUs with a nonzero status received Lr_in Number o...

Page 207: ...te 1Online portPhys 6In_Sync portScn 5E_Port portRegs 0x80000000 portData 0x10fa9ef0 portId 011300 portWwn 20 03 00 60 69 00 00 10 portWwn of device s connected 20 00 00 60 69 50 03 83 Distance normal Speed 2Gbps Interrupts 15502 Link_failure 0 Frjt 0 Unknown 0 Loss_of_sync 2 Fbsy 0 Lli 12 Loss_of_sig 1 Proc_rqrd 15484 Protocol_err 0 Timed_out 0 Invalid_word 0 Rx_flushed 0 Invalid_crc 0 Tx_unavail...

Page 208: ...ynchronous events such as the fabric reconfiguring or by devices logging in When quiet mode is on only output produced by shell commands is shown all asynchronous output produced by other tasks is suppressed This is useful when driving a telnet session by way of a script which cannot expect any asynchronous output Error log messages are not controlled by quiet mode settings Operand The newMode ope...

Page 209: ...ta is effective with the next authentication request The configuration applies to a switch instance only Operands Without any specified action the command displays the usage Specify action as one of following Examples To display the secret key information secauthsecret show Lists the WWNs for which the shared secret is configured set Sets shared secrets with a WWN remove wwn domain sw name Removes...

Page 210: ...ch secret is being set up 2 Peer secret The secret of the peer that authenticates to peer 3 Local secret The local secret that authenticates peer Press Enter to start setting up shared secrets Enter WWN Domain or switch name Leave blank when done 10 00 00 60 69 80 05 14 Enter peer secret Re enter peer secret Enter local secret Re enter local secret Enter WWN Domain or switch name Leave blank when ...

Page 211: ...rds on all FCS switches in the fabric Resetting the admin account password on all non FCS switches in the fabric Disabling the root and factory accounts on all non FCS switches in the fabric The administrator is prompted to enter new passwords for the following accounts root factory admin user non FCS admin The prompts do not appear if the administrator chooses to use the passwords on the primary ...

Page 212: ... Use the current passwords of the switch the command is run on the primary FCS switch for root factory admin and user accounts A non FCS admin account password is set the same as FCS admin account password The command does not prompt for new passwords Only sessions whose account password has changed are logged out This option can be used only on a fabric with secure mode disabled and only when the...

Page 213: ...nter new passwords for root factory admin user and non FCS admin accounts All operands must be specified within double quotes quickmode Shorthand notation for a combination of the previous options for example currentpwd lockdown fcs On successful execution of the command security is enabled in the fabric All switches are FCS and have passwords identical to that on the primary FCS SCC and DCC polic...

Page 214: ... of this command login sessions might be closed and some switches may go through a reboot to form a secure fabric This is an interactive session to create a FCS list The new FCS list is empty Enter WWN Domain or switch name Leave blank when done 102 Switch WWN is 10 00 00 60 69 80 04 0f The new FCS list 10 00 00 60 69 80 04 0f Enter WWN Domain or switch name Leave blank when done 10 00 00 60 69 80...

Page 215: ...ecurity features of the software installed on this equipment is subject to the End User License Agreement provided with the equipment and the Certification Practices Statement which you may review at http www switchkeyactivation com cps By using these security features you are consenting to be bound by the terms of these documents If you do not agree to the terms of these documents promptly contac...

Page 216: ...features you are consenting to be bound by the terms of these documents If you do not agree to the terms of these documents promptly contact the entity from which you obtained this software and do not use these security features Do you agree to these terms yes y no n no y This command requires Switch Certificate Security license and Zoning license to be installed on every switch in the fabric PLEA...

Page 217: ...mediately If SNMP MIB is disabled corresponding traps are disabled also If any trap group is disabled corresponding individual traps are disabled also The FE and SW MIBs are always accessible The snmpmibcapset command does not prompt the user to turn on or off these MIBs snmpmibcapset FA MIB Specifying yes means the user can access FA MIB variables with an SNMP manager The default value is yes SW ...

Page 218: ...has been set to support FE MIB SW MIB FA MIB SW TRAP swFCPortScn swEventTrap swFabricWatchTrap swTrackChangesTrap FA TRAP connUnitStatusChange connUnitEventTrap connUnitSensorStatusChange connUnitPortStatusChange FA MIB yes y no n yes n SW TRAP yes y no n yes swFCPortScn yes y no n yes swEventTrap yes y no n yes n swFabricWatchTrap yes y no n yes swTrackChangesTrap yes y no n yes n SW EXTTRAP yes ...

Page 219: ...immediately If SNMP MIB is disabled corresponding traps are disabled also If any trap group is disabled corresponding individual traps are disabled also The FE and SW MIBs are always accessible The snmpmibcapset command does not prompt the user to turn on or off these MIBs snmpmibcapshow FA MIB Specifying yes means the user can access FA MIB variables with an SNMP manager The default value is yes ...

Page 220: ...ion Some information varies with the switch model for instance the number of ports and domain ID values The lines of the output display the following Cylon51 admin snmpmibcapshow FE MIB YES SW MIB YES FA MIB YES SW TRAP YES swFCPortScn YES swEventTrap YES swFabricWatchTrap YES swTrackChangesTrap YES FA TRAP YES connUnitStatusChange YES connUnitEventTrap YES connUnitSensorStatusChange YES connUnitP...

Page 221: ...orld Wide Name switchBeacon The switch s beaconing state either ON or OFF Zoning The switch s zoning state either ON or OFF and effective zone configuration within parenthesis port number The port number 0 through 7 or 0 through 15 module type The port module type GBIC or other No module present sw Shortwave laser lw Longwave laser cu Copper id Serial ID Use the gbicshow command to display whether...

Page 222: ...ars in the format Lx where x is the long distance level number See portcfglongdistance for the level description comment The comment field either can be blank or display Disabled The port is disabled Bypassed The port is bypassed loop only Loopback The port is in loopback mode E_Port Fabric port displays WWN of attached switch F_Port Point to point port displays WWN of attached N_Port G_Port Point...

Page 223: ...ame of the switch connected One or more interswitch link attributes Trunk master The port is the master port in a group of trunking ports Trunk port master is port x The port is configured as a trunking port the master port is port x Upstream This E_Port is an upstream path towards the principal switch of the fabric Downstream This E_Port is a downstream path away from the principal switch of the ...

Page 224: ... portcfgshow switch admin switchShow switchName sw5 switchType 2 1 switchState Online switchRole Subordinate switchDomain 1 switchId fffc01 switchWwn 10 00 00 60 69 00 00 0b switchBeacon OFF Zoning ON c1 port 0 sw 2G Online F Port 20 00 00 20 46 30 48 38 port 1 sw AN No_Light port 2 sw 2G Online F Port 10 00 00 e0 69 00 02 b1 port 3 sw N2 In_Sync port 4 AN No_Module port 5 AN No_Module port 6 cu 1...

Page 225: ...h license are able to display the list of unhealthy ports if such ports exist The contributors to switch health are Power supplies Temperatures Fans WWN server dual CP systems only Switch redundancy dual CP systems only with HA enabled Blade status bladed systems only Port status Faulty ports Missing SFPs The overall status can be in one of the following HealthyEvery contributor is healthy Margina...

Page 226: ...m each temperature sensor located on the switch s main printed circuit board PCB The sensors are located approximately one in each corner and one at the center of the PCB Operands None swd_152 admin switchstatusshow Switch Health Report Report time 07 22 2003 09 12 39 AM Switch Name swd_152 IP address 192 168 204 152 SwitchState HEALTHY Duration 00 31 Power supplies HEALTHY Temperature sensors HEA...

Page 227: ...Fabric OS mode the actions associated with this command to add delete change or recover accounts are allowed only on the primary FCS switch The primary FCS switch distributes the update to the entire fabric As a result all switches supporting customer defined accounts have the same account database All accounts that are not consistent with the primary FCS switch are deleted and saved in the backup...

Page 228: ...ed by Secure Fabric OS operations show username a b Displays information about the current login account the account named username or all accounts either in the active or backup account database If running from an account with user level permission it can display information only about itself userconfig show Displays information about the current login account userconfig show username Displays in...

Page 229: ...underscores The maximum length of username is 40 characters description is optional the maximum length is 40 displayable ASCII characters rolename must be either user admin or nonfcsadmin The nonfcsadmin role is applicable only in secure mode In nonsecure mode it is the same as admin There can be maximum 15 customer created accounts for a switch delete username Deletes an existing account named us...

Page 230: ...ription of any default accounts An account cannot change the rolename or description for accounts at the same or higher authorization level An account cannot change the rolename of itself Except the default root account no account can disable itself recover Recovers all accounts from the backup database After accounts were recovered they are no longer present in the backup database The backup data...

Page 231: ...s the port number on that switch for example 2 12 specifies port 12 on switch number 2 When a zone member is specified by physical fabric port number all devices connected to that port are in the zone If this port is an arbitrated loop all devices on the loop are in the zone World Wide Names are specified as eight hexadecimal pairs separated by colons for example 10 00 00 60 69 00 00 8a Zoning has...

Page 232: ...te This command changes the defined configuration see cfgshow For the change to become effective an appropriate zone configuration must be enabled using the cfgenable command For the change to be preserved across switch reboots it must be saved to nonvolatile memory using the cfgsave command When security is enabled this command can be issued only from the primary FCS switch Operands The following...

Page 233: ...d across switch reboots it must be saved to nonvolatile memory using the cfgsave command For the change to become effective an appropriate zone configuration must be enabled using the cfgenable command See the zonecreate command for more information on name and member specifications Note This command requires an Advanced Zoning license When security is enabled this command can be issued only from ...

Page 234: ... removed from the database You can use this command for all zone object types including CFG zone and alias This command changes the defined configuration For the change to be preserved across switch reboots it must be saved to nonvolatile memory using the cfgsave command For the change to become effective an appropriate zone configuration must be enabled using the cfgenable command Note This comma...

Page 235: ...0 loop1 zone White_zone 1 3 1 4 alias array1 21 00 00 20 37 0c 76 8c 21 00 00 20 37 0c 71 02 alias array2 21 00 00 20 37 0c 76 22 21 00 00 20 37 0c 76 28 alias loop1 21 00 00 20 37 0c 76 85 21 00 00 20 37 0c 71 df switch admin zoneObjectExpunge White_zone switch admin cfgShow Defined configuration cfg USA_cfg Red_zone Blue_zone zone Blue_zone 1 1 array1 1 2 array2 zone Red_zone 1 0 loop1 alias arr...

Page 236: ...eboots it must be saved to nonvolatile memory using the cfgsave command For the change to become effective an appropriate zone configuration must be enabled using the cfgenable command See the zonecreate command for more information on name and member specifications Note This command requires an Advanced Zoning license When security is enabled this command can be issued only from the primary FCS s...

Page 237: ...Fabric OS reference guide 237 Fabric OS 3 x Document Addendum See Also cfgadd cfgclear cfgdelete cfgdisable cfgenable cfgremove cfgsave cfgshow zoneobjectcopy ...

Page 238: ...Fabric OS reference guide 238 Fabric OS 3 x Document Addendum ...

Page 239: ...e reports that contain the same information but it is presented differently Switch Health Report The switch health report summarizes the overall health of a switch at a particular instant The report lists Current health of each port based on the currently configured policy settings High level state of the switch as well as its power supplies fans and temperatures All ports that are in an abnormal ...

Page 240: ... to DOWN FAILED Table 21 Fabric Watch Message Elements Format Element Description Severity Fabric Watch generated The level of severity of the message Severity levels are INFO an informational message indicating that a nominal event has occurred WARNING indicates that a non catastrophic error has occurred Severity Number A system generated value that indicates the level of severity Valid values ar...

Page 241: ... recipient severity level filter on SNMP The trap severity level is associated with each trap recipient s IP address After specifying the IP address specify the severity level for an event That IP address and only that IP address then receives notifications when the severity level for that event is reached or surpassed You do receive notifications unless the error matches or surpasses the specifie...

Page 242: ...state of health and all measurements contributing to that state The port detail report is a Fabric Watch licensed product Figure 34 shows an example of a port detail report An X in the column for a condition indicates that the condition has exceeded the threshold a hyphen indicates that the measurement is within range Switch1_216 root switchstatusshow Switch Health Report Report time 09 17 2004 9 ...

Page 243: ...LINE 062 11 013 U OFFLINE 062 11 014 U OFFLINE 062 11 015 U OFFLINE 062 11 016 U OFFLINE 062 11 Report Item Description LFA Link loss the number of link loss occurrences out of range for the time period LSY Sync loss the number of sync loss occurrences out of range for the time period LSI Signal loss the number of signal loss occurrences out of range for the time period PER Protocol error the numb...

Page 244: ...e monitor triggers Whenever a monitored value deviates from a user defined range the state of the port changes from a healthy state to an abnormal state A port must remain in the abnormal state for a user defined period of time before the port state affects the overall switch state The monitor returns to a normal state when a problem is temporary However if the problem persists for 18 seconds or m...

Page 245: ... tools 18 C camtest command 82 centralmemorytest command 84 89 cfgenable command 232 cfgsave command 232 cfgshow command 232 changing account password 136 clearing ISL monitors 15 cmemretentiontest command 97 cmitest command 80 86 commands aaaconfig 138 155 agtcfgdefault 145 148 219 agtcfgset 145 147 241 agtcfgshow 145 146 157 alicreate 232 authutil 159 camtest 82 centralmemorytest 84 89 cfgenable...

Page 246: ... configure virtual channel tab 39 configure command 132 145 164 configuring RADIUS server 50 configuring security features 131 conventions document 11 text symbols 11 D data field size 166 DIAG BADINT message 80 DIAG BUS_TIMEOUT message 80 DIAG CAMFLTR message 81 DIAG CAMINIT message 81 DIAG CAMSID message 82 DIAG CAMSTAT message 83 DIAG CLEAR_ERR message 83 DIAG CMBISRF message 84 DIAG CMBISRTO m...

Page 247: ...ow command 176 fabstatsshow command 178 fast boot performing 30 fields license key 73 filtering fabric events 59 filtering switch events 23 filtertest command 81 firmware tab 28 29 firmwaredownload command 132 fwportdetailshow command 179 fwset command 181 fwshow command 182 G gbicshow command 221 general tab 19 getting help 12 H help obtaining 12 HP authorized reseller 12 storage web site 12 tech...

Page 248: ...EC_INFO 121 SEC SEC_STATS 122 SEC SECCHANGE 119 SEC SECDBFAIL 120 SEC SECDLFAIL 120 SEC SECINFORM 121 SEC SECVIOL_API 122 SEC SECVIOL_DCC 124 SEC SECVIOL_HTTP 123 SEC SECVIOL_LOGIN 124 SEC SECVIOL_MSaccess 125 SEC SECVIOL_MSfwrd 125 SEC SECVIOL_MSop 126 SEC SECVIOL_RSNMP 126 SEC SECVIOL_SCC 127 SEC SECVIOL_SERIAL 127 SEC SECVIOL_TELNET 123 SEC SECVIOL_WSNMP 128 modifying RADIUS server 51 modifying...

Page 249: ...BFAIL message 120 SEC SECDLFAIL message 120 SEC SECINFORM message 121 SEC SECVIOL_API message 122 SEC SECVIOL_DCC message 124 SEC SECVIOL_HTTP message 123 SEC SECVIOL_LOGIN message 124 SEC SECVIOL_MSaccess message 125 SEC SECVIOL_MSfwrd message 125 SEC SECVIOL_MSop message 126 SEC SECVIOL_RSNMP message 126 SEC SECVIOL_SCC message 127 SEC SECVIOL_SERIAL message 127 SEC SECVIOL_TELNET message 123 SE...

Page 250: ...ng distance 152 long distance requirements 152 long distance summary 152 turboramtest command 108 U upload download tab 29 userconfig command 134 135 227 user defined accounts creating 133 maintaining 133 V VC encoded address mode field 166 VC_Translation mode 129 virtual channel settings field 167 W WAN_TOV field 166 web sites HP storage 12 web tools browsers supported by 18 Windows 2000 RADIUS s...

Reviews:

No comments

Related manuals for StorageWorks 2/16 - SAN Switch

Samsung SCX-300CM Quick Start Manual preview
SCX-300CM
Brand: Samsung Pages: 2
Radial Engineering R800 1018 User Manual preview
R800 1018
Brand: Radial Engineering Pages: 4
Datalogic JoyaTouch Safety & Regulatory Manual preview
JoyaTouch
Brand: Datalogic Pages: 2
S-5! S-5-R465 Installation Instructions preview
S-5-R465
Brand: S-5! Pages: 2
ricoo S7411 Quick Start Manual preview
S7411
Brand: ricoo Pages: 2
Salamander EZ-LIFT Series User Manual preview
EZ-LIFT Series
Brand: Salamander Pages: 12
Loewe Floor Stand I 40 Installation Instructions Manual preview
Floor Stand I 40
Brand: Loewe Pages: 28
Ultimate Support Live Mic Stand Series Product Manual preview
Live Mic Stand Series
Brand: Ultimate Support Pages: 2
iTOOLco RBJ20K User Manual preview
RBJ20K
Brand: iTOOLco Pages: 15
Phoenix RK Rose+Krieger 193000078C66 Technical Instruction preview
RK Rose+Krieger 193000078C66
Brand: Phoenix Pages: 8
Manfrotto 725B Instructions preview
725B
Brand: Manfrotto Pages: 2
SIIG CE-MT1X12-S1 Installation Manual preview
CE-MT1X12-S1
Brand: SIIG Pages: 12
B-Tech AV Mounts BT8322 Installation Manual preview
AV Mounts BT8322
Brand: B-Tech Pages: 12
Konig & Meyer 18811 Manual preview
18811
Brand: Konig & Meyer Pages: 4
Taylor Made KW Series Manual preview
KW Series
Brand: Taylor Made Pages: 8
King Tony 9TY135-150 Operation Manual preview
9TY135-150
Brand: King Tony Pages: 4
Konig & Meyer 16450 Manual preview
16450
Brand: Konig & Meyer Pages: 4
Eono PL02 Instruction Manual preview
PL02
Brand: Eono Pages: 20

Brands by name

Popular brands

Load more brands