Access Gateway

53-1001189-01 November 24, 2008
Access Gateway
Administrators Guide
Supporting Fabric OS 6.2.0
Copyright 2007-2008 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, Fabric OS, File Lifecycle Manager, MyView, and StorageX are registered trademarks and the Brocade B-wing symbol, DCX, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government. The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it. The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements. To find-out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.
Brocade Communications Systems, Incorporated

Corporate Headquarters Brocade Communications Systems, Inc. 1745 Technology Drive San Jose, CA 95110 Tel: 1-408-333-8000 Fax: 1-408-333-8101 Email: info@brocade.com European and Latin American Headquarters Brocade Communications Switzerland Srl Centre Swissair Tour B - 4me tage 29, Route de l'Aroport Case Postale 105 CH-1215 Genve 15 Switzerland Tel: +41 22 799 5640 Fax: +41 22 799 5641 Email: emea-info@brocade.com Asia-Pacific Headquarters Brocade Communications Singapore Pte. Ltd. 30 Cecil Street #19-01 Prudential Tower Singapore 049712 Tel: +65-6538-4700 Fax: +65-6538-0302 Email: apac-info@brocade.com
Document History
The following table lists all versions of the Access Gateway Administrators Guide.
Document Title
Access Gateway Administrators Guide Access Gateway Administrators Guide Access Gateway Administrators Guide
Publication Number
53-1000430-01 53-1000633-01 53-1000605-01
Summary of Changes
First version Added support for the 200E Added support for new policies and changes to N_Port mappings.
Publication Date
January 2007 June 2007 October 2007
Access Gateway Administrators Guide
53-1000605-02
March 2008 Added support for new platforms: 300 and the 4424. Added support for new features: - Masterless Trunking - Direct Target Connectivity - Advance Device Security policy - 16- bit routing Added support for: - Cascading Access Gateway. Updated to fix the table of contents Updated for FOS 6.2 July 2008 July 2008 November 2008
Access Gateway Administrators Guide Access Gateway Administrators Guide Access Gateway Administrators Guide
53-1000605-03 53-1000605-04 53-1001189-01
Access Gateway Administrators Guide 53-1001189-01
iii
iv
Contents
About This Document

How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Whats new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Text formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Command syntax conventions . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Notes, cautions, and warnings . . . . . . . . . . . . . . . . . . . . . . . . . . xv Key terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi Brocade resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii Other industry resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii Optional Brocade features . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xvii Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
Chapter 1
Getting Started
In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Brocade Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Fabric OS features in Access Gateway mode . . . . . . . . . . . . . . . . . . . 2 Access Gateway port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Comparison of Access Gateway ports to standard switch ports. 4 How Access Gateway maps ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Access Gateway limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Upgrade and downgrade considerations for switches in AG mode . . 6 Advance Device Security policy. . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Automatic Port Configuration policy . . . . . . . . . . . . . . . . . . . . . . . 7 Port Grouping policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Chapter 2
Enabling Policies on Switches in Access Gateway Mode

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Access Gateway policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Showing current policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Advanced Device Security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Enabling the Advanced Device Security policy. . . . . . . . . . . . . . 10 Disabling the Advanced Device Security policy . . . . . . . . . . . . . 10 Setting which devices can log in if ADS policy is enabled. . . . . 10 Setting which devices cannot log in if ADS policy is enabled . . 11 Removing devices from the list of devices allowed at login . . . 11 Adding new devices to the list of devices allowed at login . . . . 11 Displaying the list of devices on the switch . . . . . . . . . . . . . . . . 12 Automatic Port Configuration policy. . . . . . . . . . . . . . . . . . . . . . . . . . 12 Enabling the Automatic Port Configuration policy . . . . . . . . . . . 13 Disabling the Automatic Port Configuration policy . . . . . . . . . . 13 Rebalancing F_Ports with APC policy enabled. . . . . . . . . . . . . . 13 Failover policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Enabling the Failover policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Disabling the Failover policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Failback policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Enabling the Failback policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Cold Failover policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Port Grouping policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Creating a port group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Adding an N_Port to a port group . . . . . . . . . . . . . . . . . . . . . . . . 20 Deleting an N_Port from a port group . . . . . . . . . . . . . . . . . . . . 20 Removing a port group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Renaming a port group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Disabling the Port Group policy. . . . . . . . . . . . . . . . . . . . . . . . . . 21 Access Gateway policy enforcement matrix . . . . . . . . . . . . . . . . . . . 22 Access Gateway trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Access Gateway trunking considerations for the Edge switch . 23 Trunk group creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Setting up F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Assigning a Trunk Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Enabling the DCC policy on trunk . . . . . . . . . . . . . . . . . . . . . . . . 28 Configuration management for trunk areas . . . . . . . . . . . . . . . . . . . 28 Enabling Access Gateway trunking . . . . . . . . . . . . . . . . . . . . . . . 28 Disabling F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 F_Port Trunking monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Access Gateway Cascading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Chapter 3
Connecting Devices Using Access Gateway

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Connectivity of multiple devices overview . . . . . . . . . . . . . . . . . . . . . 33 Fabric and Edge switch configuration . . . . . . . . . . . . . . . . . . . . . . . . 33 Verifying the switch mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Setting the Fabric OS switch to Native Mode. . . . . . . . . . . . . . . 35 Enabling NPIV on the M-EOS switch . . . . . . . . . . . . . . . . . . . . . . 35
vi
Connectivity to Cisco Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Access Gateway routing requirements with Cisco fabrics. . . . . 36 Enabling NPIV on a Cisco switch. . . . . . . . . . . . . . . . . . . . . . . . . 36 Workaround for QLogic-based devices . . . . . . . . . . . . . . . . . . . . 37 Editing Company ID List if no FC target devices on switch . . . . 37 Adding or deleting an OUI from the Company ID List . . . . . . . . 38 Enabling Flat FCID mode if no FC target devices on switch . . . 39 Editing Company ID list if target devices on switch . . . . . . . . . . 39 Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Enabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . 40 Port States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Disabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . 42 Saving the Access Gateway configuration . . . . . . . . . . . . . . . . . 42 Rejoining switches to a fabric. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Reverting to a previous configuration. . . . . . . . . . . . . . . . . . . . . 43
Chapter 4
Configuring Ports in Access Gateway mode

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Port Initialization in Access Gateway mode. . . . . . . . . . . . . . . . . . . . 45 N_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Unlocking N_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Displaying N_Port configurations . . . . . . . . . . . . . . . . . . . . . . . . 48 Verifying port mapping and status . . . . . . . . . . . . . . . . . . . . . . . 48 Displaying N_Port mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Displaying port status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 Adding F_Ports to an N_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 Removing F_Ports from an N_Port . . . . . . . . . . . . . . . . . . . . . . . 51 Adding a preferred secondary N_Port . . . . . . . . . . . . . . . . . . . . 52 Deleting F_Ports from a preferred secondary N_Port . . . . . . . . 52
Appendix A Index
Troubleshooting
vii
viii
Figures
Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 Figure 10 Figure 11
Access Gateway and fabric switch comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Port usage comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Example F_Port-to-N_Port mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Example 1 and 2 Failover policy behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Failback policy behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Port Group Zero (pg0) setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Port grouping behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Port Group 1 (pg1) setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Access Gateway cascading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Initialized ports in Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Example of adding an external F_Port (F9) on an embedded switch . . . . . . . . . 47
ix
Tables
Table 1 Table 2 Table 3 Table 4 Table 5 Table 6 Table 7 Table 8 Table 9 Table 10 Table 11 Table 12
Fabric OS components supported on Access Gateway . . . . . . . . . . . . . . . . . . . . . 3 Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Description of F_Port-to-N_Port mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Firmware upgrade and downgrade scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Policy enforcement matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Access Gateway trunking considerations for the Edge switch . . . . . . . . . . . . . . 23 PWWN format for F_Port and N_Port trunk ports. . . . . . . . . . . . . . . . . . . . . . . . . 26 Address identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 OUI IDs that require special treatment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Port state description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Access Gateway default F_Port-to-N_Port mapping. . . . . . . . . . . . . . . . . . . . . . . 53 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
xi
xii
About This Document
How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Whats new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv Additional information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
How this document is organized

This document is a procedural guide to help SAN administrators configure and manage Brocade Access Gateway. This preface contains the following components:
Chapter 1, Getting Started describes how to use Access Gateway to create seamless
connectivity to any Storage Area Network (SAN) fabric.
Chapter 2, Enabling Policies on Switches in Access Gateway Mode describes how to enable
policies on a switch in Access Gateway mode.
Chapter 3, Connecting Devices Using Access Gateway describes how to connect multiple
devices using Access Gateway.
Chapter 4, Configuring Ports in Access Gateway mode describes how to configure ports in
Access Gateway mode.
Appendix A, Troubleshooting provides symptoms and troubleshooting tips to resolve issues.
Supported hardware and software

Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc. For 6.2.0, documenting all possible configurations and scenarios is beyond the scope of this document. All Fabric OS switches must be running v5.1 or later; all M-EOS switches must be running M-EOSc 9.1 or later, M-EOSn must be running 9.6.2 or later, and Cisco switches with SAN OS must be running 3.0 (1) and 3.1 (1) or later. Access Gateway supports 4 and 8 Gbit bladed servers and blades.
xiii
Whats new in this document

The following changes have been made since this document was last released: Information that was added:
Supported software M-EOSc products: Release 9.1 or later and 9.6 or later Cisco Products: SAN-OS 3.0(1) or later and 3.1(1) or later Supported platforms Brocade 300 (24-port version only), 5100 Embedded switches: 5410, 5424, 5480 Supported configurations in cascaded AG
For further information, refer to the release notes.
Document conventions
This section describes text formatting conventions and important notices formats.
Text formatting
The narrative-text formatting conventions that are used in this document are as follows: bold text Identifies command names Identifies the names of user-manipulated GUI elements Identifies keywords and operands Identifies text to enter at the GUI or CLI Provides emphasis Identifies variables Identifies paths and Internet addresses Identifies document titles Identifies CLI output Identifies syntax examples
italic text
code text
For readability, command names in the narrative portions of this guide are presented in mixed lettercase: for example, switchShow. In actual examples, command lettercase is often all lowercase. Otherwise, this manual specifically notes those cases in which a command is case sensitive. The ficonCupSet and ficonCupShow commands are an exception to this convention.
Command syntax conventions

Command syntax in this manual follows these conventions:
xiv
command
--option, option -argument, arg
Commands are printed in bold. Command options are printed in bold. Arguments. Optional element. Variables are printed in italics. In the help pages, values are underlined or enclosed in angled brackets < >. Repeat the previous element, for example member[;member...] Fixed values following arguments are printed in plain font. For example, --show WWN Boolean. Elements are exclusive. Example: --show -mode egress | ingress
[] variable ... value |
Notes, cautions, and warnings

The following notices appear in this document.
NOTE
A note provides a tip, emphasizes important information, or provides a reference to related information.
ATTENTION
An Attention statement indicates potential damage to hardware or data.
CAUTION A Caution statement alerts you to situations that can be potentially hazardous to you.
DANGER A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you. Safety labels are also attached directly to products to warn of these conditions or situations.
Key terms
For definitions of SAN-specific terms, visit the Storage Networking Industry Association online dictionary at: http://www.snia.org/education/dictionary. For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary. The following terms are used in this manual to describe Access Gateway mode and its components.
xv
Access Gateway (AG) Fabric OS mode for switches that reduces SAN (storage area network) deployment complexity by leveraging NPIV (N_Port ID Virtualization). E_Port Edge switch F_Port An ISL (Interswitch link) port. A switch port that connects switches together to form a fabric. A fabric switch that connects host, storage, or other devices, such as Brocade Access Gateway, to the fabric. A fabric port. A switch port that connects a host, HBA (host bus adaptor), or storage device to the SAN. On Brocade Access Gateway, the F_Port connects to a host or a target. On Brocade Access Gateway, the configuration of F_Port to N_Port routes. A node port. A Fibre Channel host or storage port in a fabric or point-to-point connection. On Brocade Access Gateway, the N_Port connects to the Edge switch. N_Port ID Virtualization. Allows a single Fibre Channel port to appear as multiple, distinct ports providing separate port identification and security zoning within the fabric for each operating system image as if each operating system image had its own unique physical port.
Mapping N_Port
NPIV
Preferred Secondary N_Port On the Brocade Access Gateway, the preferred secondary N_Port refers to the secondary path to which an F_Port fails over if the primary N_Port goes offline.
Notice to the reader

This document may contain references to the trademarks of the following corporations. These trademarks are the properties of their respective companies and corporations. These references are made for informational purposes only.
Corporation
Cisco Systems Emulex Corporation Qlogic Corporation
Referenced Trademarks and Products

Cisco Emulex Qlogic
Additional information
This section lists additional Brocade and industry-specific documentation that you might find helpful.
xvi
Brocade resources
To get up-to-the-minute information, join Brocade Connect. Its free! Go to http://www.brocade.com and click Brocade Connect to register at no cost for a user ID and password. For practical discussions about SAN design, implementation, and maintenance, you can obtain Building SANs with Brocade Fabric Switches through: http://www.amazon.com For additional Brocade documentation, visit the Brocade SAN Info Center and click the Resource Library location: http://www.brocade.com Release notes are available on the Brocade Connect Web site and are also bundled with the Fabric OS firmware.
Other industry resources

White papers, online demos, and data sheets are available through the Brocade Web site at
http://www.brocade.com/products/software.jhtml.
Best practice guides, white papers, data sheets, and other documentation is available through
the Brocade Partner Web site. For additional resource information, visit the Technical Committee T11 Web site. This Web site provides interface standards for high-performance and mass storage applications for Fibre Channel, storage management, and other applications: http://www.t11.org For information about the Fibre Channel industry, visit the Fibre Channel Industry Association Web site: http://www.fibrechannel.org
Optional Brocade features

For a list of optional Brocade features and descriptions, see the Fabric OS Administrators Guide.
Getting technical help

Contact your switch support supplier for hardware, firmware, and software support, including product repairs and part ordering. To expedite your call, have the following information available: 1. General Information
Technical Support contract number, if applicable Switch model Switch operating system version Error numbers and messages received supportSave command output
xvii
Detailed description of the problem, including the switch or fabric behavior immediately
following the problem, and specific questions
Description of any troubleshooting steps already performed and the results Serial console and Telnet session logs Syslog message logs
2. Switch Serial Number The switch serial number and corresponding bar code are provided on the serial number label, as shown here.
:
*FT00X0054E9* FT00X0054E9 The serial number label is located as follows:
Brocade 200EOn the nonport side of the chassis Brocade 300, 4100, 4900, 5100, 5300, 7500, and Brocade Encryption SwitchOn the
switch ID pull-out tab located inside the chassis on the port side on the left
Brocade 5000On the switch ID pull-out tab located on the bottom of the port side of the
switch
Brocade 7600On the bottom of the chassis Brocade 48000Inside the chassis next to the power supply bays Brocade DCXOn the bottom right on the port side of the chassis Brocade DCX-4SOn the bottom right on the port side of the chassis, directly above the cable management comb.
3. World Wide Name (WWN) Use the wwn command to display the switch WWN. If you cannot use the wwn command because the switch is inoperable, you can get the WWN from the same place as the serial number, except for the Brocade DCX. For the Brocade DCX, access the numbers on the WWN cards by removing the Brocade logo plate at the top of the nonport side of the chassis.
Document feedback
Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and completeness of this document. However, if you find an error or an omission, or you think that a topic needs further development, we want to hear from you. Forward your feedback to: documentation@brocade.com Provide the title and version number of the document and as much detail as possible about your comment, including the topic heading and page number and your suggestions for improvement.
xviii
Chapter
Getting Started
In this chapter
Brocade Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Fabric OS features in Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . Access Gateway port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . How Access Gateway maps ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Access Gateway limitations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1 2 4 5 6
Brocade Access Gateway

This chapter describes how to create seamless connectivity to any Storage Area Network (SAN) fabric using Access Gateway (AG). It provides information on how to set the port types, port mappings, and the policies to ensure a stable fabric. AG is compatible with Fabric OS, M-EOSv9.1 or v9.6 and later, and Cisco-based fabrics v3.0(1) or later and v3.1(1) and later. Enabling and disabling AG mode on a switch can be performed from the command line interface (CLI) or using Web Tools, Fabric Manager, or DCFM. This document describes configurations using the CLI commands. Please see the Web Tools Administrators Guide, the Fabric Manager Administrators Guide, or the Data Center Fabric Manager User Guide for more information about AG support in those tools. Brocade Access Gateway is a Fabric OS feature that lets you configure your Enterprise fabric to handle additional N_Ports instead of domains. You do this by configuring F_Ports to connect to the fabric as N_Ports, which increases the number of device ports you can connect to a single fabric. Multiple AGs can connect to the DCX enterprise-class platform, directors, and switches. After you set a Fabric OS switch to AG mode, the F_Ports connect to the Enterprise fabric as N_Ports rather than as E_Ports. They connect as E_Ports if the Fabric OS switch is in its Native switch mode. Figure 1 shows a comparison of a configuration that connects eight hosts to a fabric using AG to the same configuration with Fabric OS switches in Native mode. Switches in AG mode are logically transparent to the host and the fabric. You can increase the number of hosts that have access to the fabric without increasing the number of switches. This simplifies configuration and management in a large fabric by reducing the number of domain IDs and ports.
Fabric OS features in Access Gateway mode
FIGURE 1
Access Gateway and fabric switch comparison
The following points summarize the differences between a Fabric OS switch in Native mode and a Fabric OS switch in AG mode:
The Fabric OS switch in Native mode is a part of the fabric; it requires two to four times as
many physical ports, consumes fabric resources, and can connect to a Fabric OS fabric only.
A switch in AG mode is outside of the fabric; it reduces the number of switches in the fabric
and the number of required physical ports. You can connect an AG switch to either a Fabric OS, M-EOS, or Cisco-based fabric.

When a switch is behaving as an Access Gateway, RBAC features in Fabric OS are available, but Admin Domains, Advanced Performance Monitoring, direct connection to SAN target devices, Fibre Channel Arbitrated Loop support, FICON, IP over FC, extended fabrics, management platform services, name services (SNS), port mirroring, SMI-S, and zoning are not available or no longer applicable. Table 1 lists Fabric OS components that are supported on a switch when AG mode is enabled. No indicates that the feature is not provided in AG mode. NA indicates this feature is not applicable in Access Gateway mode of operation. A single asterisk (*) indicates the feature is transparent to AG, that is AG forwards the request to the Enterprise fabric. Two asterisks (**) indicates that if the Enterprise fabric is not a Brocade fabric, the feature may not be available. Security enforcement can be done in either the Enterprise fabric using the DCC policy or in the Access Gateway module using Advanced Device Security (ADS) policy. The ADS policy secures virtual and physical connections to the SAN. When you enable the ADS policy, by default, every F_Port is configured to allow all devices to login or be a part of the Access List. The Allow list restricts the devices that can log into a specific F_Port. Because all WWNs are a part of the Access List, you can identify which devices are allowed to log in on a per F_Port basis by specifying the devices port WWN(PWWN). See the Fabric Command Reference on using the ag --adsset command to set the Allow List to All Access or No Access. Alternatively the security policy can be established in the Enterprise fabric. For information on the ADS policy, see Setting which devices can log in if ADS policy is enabled on page 10 or Setting which devices cannot log in if ADS policy is enabled on page 11.
TABLE 1
Feature
Fabric OS components supported on Access Gateway

Support
Yes (limited roles) Yes Yes Yes Yes Yes Yes No
Access Control Audit Beaconing Config Download/Upload DHCP Environmental Monitor Error Event Management Extended Fabrics
Fabric Device Management Interface (FDMI) Yes* Fabric Manager Fabric Watch FICON (includes CUP) High Availability IPoverFC Native Interoperability Mode License Log Tracking Management Server Manufacturing Diagnostics N_Port ID Virtualization Name Server Network Time Protocol (NTP) Yes** Yes (limited) No Hot Code Load Yes* NA Yes** Yes NA Yes Yes NA No (no relevance from fabric perspective. In embedded switch, time should be updated by server management utility. NA Yes (Basic PM only, no APM support) No No Partial (ADS and DCC policies) Yes Yes Yes** Yes Yes NA
Open E_Port Performance Monitor Port Mirroring QuickLoop, QuickLoop Fabric Assist Security SNMP Speed Negotiation Trunking ValueLineOptions (Static POD, DPOD) Web Tools Zoning, Admin Domains
Access Gateway port types
Access Gateway port types

Access Gateway differs from a typical fabric switch because it is not a switch; instead, it is a mode that you enable on a switch using the ag command. After a switch is set in ag mode, it can connect to the fabric using node ports (N_Ports). Typically fabric switches connect to the Enterprise fabric using ISL (InterSwitch Link) ports, such as E_Ports. Following are the Fibre Channel (FC) ports that AG uses:
F_Port - fabric port that connects a host, HBA, or storage device to a switch in AG mode. N_Port - node port that connects a switch in AG mode to the F_Port of the fabric switch.
Comparison of Access Gateway ports to standard switch ports

Access Gateway multiplexes host connections to the fabric. It presents an F_Port to the host and an N_Port to an Edge fabric switch. Using N_Port ID Virtualization (NPIV), AG allows multiple FC initiators to access the SAN on the same physical port. This reduces the hardware requirements and management overhead of hosts to the SAN connections. A fabric switch presents F_Ports (or FL_Ports) and storage devices to the host and presents E_Ports, VE_Ports, or EX_Ports to other switches in the fabric. A fabric switch consumes SAN resources, such as domain IDs, and participates in fabric management and zoning distribution. A fabric switch requires more physical ports than AG to connect the same number of hosts. Figure 2 shows a comparison of the types of ports a switch in AG mode uses to the type of ports that a standard fabric switch uses. Access Gateway Ports
Switch in AG mode Hosts N_Port F_Port N_Port N_Port F_Port Edge Switch F_Port
NPIV enabled
Fabric
Fabric Switch Ports

Fabric Hosts N_Port Switch in standard default mode F_Port E_Port Fabric Switch E_Port
N_Port
F_Port
E_Port
E_Port
FIGURE 2
Port usage comparison
How Access Gateway maps ports
Table 2 shows a comparison of port configurations with AG to a standard fabric switch.
TABLE 2
Port Type
F_Port N_Port E_Port
1.
Port configurations
Access Gateway
Yes Yes NA Connects hosts and targets to Access Gateway. Connects Access Gateway to a fabric switch. ISL is not supported.1
Fabric switch
Yes NA Yes Connects devices, such as hosts, HBAs, and storage to the fabric. N_Ports are not supported. Connects the switch to other switches to form a fabric.
The switch is logically transparent to the fabric, therefore it does not participate in the SAN as a fabric switch.
How Access Gateway maps ports

Access Gateway uses mappingthat is, pre-provisioned routesto direct traffic from the hosts to the fabric. When you first enable a switch to AG mode, by default, the F_Ports are mapped to a set of predefined N_Ports. For the default F_Port-to-N_Port mapping, see Table 11 on page 53. If required, you can manually change the default mapping. Figure 3 shows a mapping with eight F_Ports evenly mapped to four N_Ports on a switch in AG mode. The N_Ports connect to the same fabric through different Edge switches.
Hosts Host_1 F_1 N_1 Host_2 F_2 N_2 F_3 Access Gateway Edge Switch (Switch_A) F_A1
NPIV enabled
Fabric
F_A2 Host_3
NPIV enabled
Host_4
F_4 N_3
Edge Switch (Switch_B) F_B1

NPIV enabled
Host_5
F_5 F_B2 N_4

NPIV enabled
Host_6
F_6
Host_7
F_7
Host_8
F_8
FIGURE 3
Example F_Port-to-N_Port mapping
Access Gateway limitations
TABLE 3
F_Port
F_1, F_2 F_3, F_4 F_5, F_6 F_7, F_8
Description of F_Port-to-N_Port mapping

Fabric N_Port
N_1 N_2 N_3 N_4
Access Gateway
Edge switch
Switch_A Switch_A Switch_B Switch_B
F_Port
F_A1 F_A2 F_B1 F_B2
Access Gateway limitations

The limitations of Access Gateway are as follows:
Limited to switch platforms and embedded switch platforms listed in Supported hardware and
software on page xiii.
Maximum number of AGs that can be connected to an Edge switch is 30 Maximum number of devices that can be connected to a Fabric OS switch through AG depends
on the maximum number of local devices supported by Fabric OS.
AG does not support loop devices.
Upgrade and downgrade considerations for switches in AG mode

Downgrading to Fabric OS v6.1.0 or earlier is supported; however, you must first disable the switch from AG mode. Note the following considerations when upgrading and downgrading from Fabric OS v6.2.0 to Fabric OS v6.1.0 and earlier:
Downgrades to v6.0.0 or earlier Fabric OS versions are not allowed if any F_Port trunk is
active.
Trunking must be disabled before downgrading to Fabric OS v6.0.0 or earlier. When a switch is set in AG mode, if you downgrade to v6.0.0x, all preferred Failover
settings are lost. The following table describes the scenarios for upgrading and downgrading Fabric OS versions.
TABLE 4
Policies
Firmware upgrade and downgrade scenarios

Fabric OS v6.2 -> 6.1
Yes Yes Yes Yes

Yes Yes Yes Yes

Yes No No No
Auto Port Configuration Port Grouping Port Trunking (with trunk members OFFLINE) Port Trunking (with trunk members ONLINE) Advance Device Security Policy
Yes
Yes
No
Note the following upgrade and downgrade considerations when the Brocade policies are enabled.
Advance Device Security policy

If you upgrade from v5.2.1/v5.3.x to v6.2.0, the ADS policy is disabled. Downgrading to v6.0 or earlier is permitted, but you must disable ADS. Downgrading to v6.1 is allowed and ADS is supported.
Automatic Port Configuration policy

If you upgrade from Fabric OS v6.0.x or earlier to Fabric OS 6.2.0, by default, the APC policy is disabled. To downgrade from v6.2.0 to v5.2.1 or 5.3.x you must disable APC.
Port Grouping policy

If you upgrade from v5.2.1 or v5.3.x to 6.2.0, then the PG policy is enabled with the default port group pg0 containing all the N_Ports. If the PG policy is enabled, you can downgrade from Fabric OS 6.2.0 to Fabric OS v6.0.0. To downgrade to versions earlier than v6.0.0, you must first disable port grouping.
Chapter
Enabling Policies on Switches in Access Gateway Mode
In this chapter
Access Gateway policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Advanced Device Security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Automatic Port Configuration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Failover policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Failback policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Cold Failover policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Port Grouping policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Access Gateway policy enforcement matrix. . . . . . . . . . . . . . . . . . . . . . . . . . 22 Access Gateway trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Configuration management for trunk areas . . . . . . . . . . . . . . . . . . . . . . . . . 28 Access Gateway Cascading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Access Gateway policies

This chapter provides information and procedures for enabling policies on switches in Access Gateway mode. Brocade policy-based approach lets you restrict or filter traffic on standard Fabric OS switches and switches in Access Gateway mode. You can enable the following policies on a switch in Access Gateway mode:
Advance Device Security policy (ADS) Automatic Port Configuration policy (APC) Port Grouping policy (PG)
Showing current policies

You can run the following command to see which policies are enabled or disabled on a switch. 1. Connect to the switch and log in as admin. 2. Enter the ag --policyshow command.
switch:admin> ag --policyshow Policy_Description Policy_Name State -------------------------------------------------Port Grouping pg Enabled Auto Port Configuration auto Disabled Advanced Device Security ads Enabled
Advanced Device Security policy

The Advanced Device Security (ADS) policy is supported on AG F_Ports. Fabric OS v6.2.0 extends the DCC policy to switches in AG mode to provide an additional level of security. It does this by extending the DCC policy to the physical F_Ports and the NPIV logins on F_Ports. As more physical servers become virtual, virtual servers can become vulnerable and security becomes an integral part of server IO virtualization. This security policy is a mechanism that restricts fabric connectivity to a set of devices that you can specify or allow to log in to the fabric connected through a switch in AG mode. By default, the ADS policy is not enabled. After you set a switch in AG mode, you can enable the ADS policy, and then specify which devices to allow at login on a per F_Port basis. Security enforcement can also be done in the Enterprise fabric; the DCC policy in the Enterprise fabric takes precedence over the ADS policy. When you enable the ADS policy, it applies to all the ports on the switch. By default, all devices have access to the fabric on all ports.
Enabling the Advanced Device Security policy

1. Connect to the switch and log in as admin. 2. Enter the ag --policyenable ads command.
switch:admin> ag --policyenable ads The policy ADS is enabled
Disabling the Advanced Device Security policy

1. Connect to the switch and log in as admin. 2. Enter the ag --policydisable ads command.
switch:admin> ag --policydisable ads The policy ADS is disabled
Setting which devices can log in if ADS policy is enabled

You can determine which devices are allowed to log in on a per F_Port basis by specifying the devices port WWN (PWWN). Use the ag --adsset command to determine which devices are allowed to log in to a specified set of F_Ports. Lists must be enclosed in double quotation marks. List members must be separated by semicolons. The maximum number of entries in the allowed device list is twice the per port maximum log in count. Replace the WWN list with an asterisk (*) to indicate all access on the specified F_Port list. Replace the F_Port list with an asterisk (*) to add the specified WWNs to all the F_Ports' allow lists. A blank WWN list () indicates no access. The ADS policy must be enabled for this command to succeed. Use an asterisk enclosed in quotation marks,*, to set the Allow list to All Access to all F_Ports; use a pair of double quotation marks ("") to set the Allow list to No Access. Note the following characteristics of the Allow List:
NOTE
The maximum device entries allowed in the Allow List is twice the per port max login count Each port can be configured to not allow any device or to allow all the devices to log in If the ADS policy is enabled, by default, every port is configured to allow all devices to log in
10
The same Allow List can be specified for more than one F_Port.
This example show how to set the list of allowed devices for ports 1, 10, and 13 to all access: 1. Connect to the switch and log in as admin. 2. Enter the ag --adsset 1;10;13* command.
switch:admin> ag-adsset1;10;13* WWN list set successfully as the Allow Lists of the F_Port[s]
Setting which devices cannot log in if ADS policy is enabled

This example show how to set the list of allowed devices for ports 11 and 12 to no access: 1. Connect to the switch and log in as admin. 2. Enter the ag --adsset 11;12 command.
switch:admin > ag -adsset 11;12 WWN list set successfully as the Allow Lists of the F_Port[s]
Removing devices from the list of devices allowed at login

Use the ag --adsdel command to delete the specified WWNs from the list of devices allowed to log in to the specified F_Ports. Lists must be enclosed in double quotation marks. List members must be separated by semicolons. Replace the F_Port list with an asterisk (*) to remove the specified WWNs from all the F_Ports' allow lists. The ADS policy must be enabled for this command to succeed. For example, to remove two devices from the list of allowed devices for ports 3 and 9, use the following syntax:
ag--adsdel "F_Port [;F_Port2;...]" "WWN [;WWN2;...]"
1. Connect to the switch and log in as admin. 2. Enter the ag --adsdel 3;9 "22:03:08:00:88:35:a0:12;22:00:00:e0:8b:88:01:8b" command.
switch:admin> ag --adsdel "3;9" "22:03:08:00:88:35:a0:12;22:00:00:e0:8b:88:01:8b" WWNs removed successfully from Allow Lists of the F_Port[s]Viewing F_Ports allowed to login
Adding new devices to the list of devices allowed at login

Use the adsadd command to add the specified WWNs to the list of devices allowed to log in to the specified F_Ports. Lists must be enclosed in double quotation marks. List members must be separated by semicolons. Replace the F_Port list with an asterisk (*) to add the specified WWNs to all the F_Ports' allow lists. The ADS policy must be enabled for this command to succeed. For example, to add two new devices to the list of allowed devices for ports 3 and 9, use the following syntax:
ag--adsadd "F_Port [;F_Port2;...]" "WWN [;WWN2;...]"
11
1. Connect to the switch and log in as admin. 2. Enter the ag --adsadd "3;9" "20:03:08:00:88:35:a0:12;21:00:00:e0:8b:88:01:8b" command.
switch:admin> ag --adsadd "3;9" "20:03:08:00:88:35:a0:12;21:00:00:e0:8b:88:01:8b" WWNs added successfully to Allow Lists of the F_Port[s]
Displaying the list of devices on the switch

1. Connect to the switch and log in as admin. 2. Enter the ag --adsshow command.
switch:admin> ag --adsshow F_Port WWNs Allowed -------------------------------------------------------------------------1 ALL ACCESS 3 20:03:08:00:88:35:a0:12 21:00:00:e0:8b:88:01:8b 9 20:03:08:00:88:35:a0:12 21:00:00:e0:8b:88:01:8b 10 ALL ACCESS 11 NO ACCESS 12 NO ACCESS 13 ALL ACCESS --------------------------------------------------------------------------

Automatic Port Configuration (APC) is an optional AG policy and is disabled by default. When the APC is enabled, the Access Gateway module automatically discovers the port type. For example, when a switch in AG mode is connected to a port, AG configures the port as an N_Port. If a host is connected to a port on Access Gateway, then AG determines that it is connected and configures the port as an F_Port. After all the port types are determined, dynamic mapping between F_Ports and N_Ports is created and F_Ports are evenly distributed across all N_Ports. While the APC is enabled, you cannot manually configure F_Port-to-N_Port mapping.
ATTENTION
Enabling the APC policy is disruptive to F_Ports and N_Ports. You must disable the module before you enable the APC policy because when you enable the APC policy, existing F_Port-to-N_Port mappings are deleted. Because the APC policy enforcement erases port mappings existing on the switch, it is recommended to perform a configupload before enabling the APC policy. After you enable the APC policy, the policy immediately takes effect; a reboot is not required. When you disable the APC policy, the N_Port configuration and the F_Port-to-N_Port mapping revert back to the default factory configuration for that platform. The APC policy is mutually exclusive with the Port Grouping policy. When the APC policy is enabled on a switch connected to multiple fabrics, no attempt is made by AG to restrict failover behavior even if the N_Ports are connected to unrelated fabrics. Do not to use the APC policy when Access Gateway is connected to multiple fabrics.
12
When in Access Gateway mode, the Automatic Port Configuration policy may not work when attached to M-EOS switches. M-EOS ports should be set to G_Port to prevent problems with port type discovery. Ports 16-47 on the FC8-48 blade may not be used for AG F_Port Trunking connections.
NOTE
Enabling the Automatic Port Configuration policy

1. Connect to the switch and log in as admin. 2. Ensure that the switch is disabled, enter the switchdisable command 3. Enter the ag --policyenable auto command to enable the APC policy.
switch:admin> ag --policyenable auto All Port related Access Gateway configurations will be lost. Please save the current configuration using configupload. Do you want to continue? (yes, y, no, n): [no] y
4. Enter the configupload command to save the switchs current configuration. 5. At the command prompt, type Y to enable the policy. The switch is ready; a reboot is not required.
Disabling the Automatic Port Configuration policy

1. Connect and log in to the switch. 2. Enter the command ag --policydisable auto to disable the APC policy. 3. At the command prompt, type Y to disable the policy.
switch:admin> ag --policydisable auto Default factory settings will be restored. Default mappings will come into effect. Please save the current configuration using configupload. Do you want to continue? (yes, y, no, n): [no] y Access Gateway configuration has been restored to factory default
4. Enter the switchenable command to enable the switch.
Rebalancing F_Ports with APC policy enabled

When the APC policy is enabled, there are no static mappings between F_Ports and N_Ports and no F_Ports are tied to a specific N_Port. When an F_Port comes online after the initial mapping is done, the F_Ports are automatically routed through one of the available N_Ports such that the F_Ports are evenly balanced across all the available N_Ports. Similarly, if a new N_Port comes online after the initial F_Port initialization, some of the F_Ports being routed through existing N_Ports will fail over to the new N_Port, if rebalancing is needed.
NOTE
Because of the disruption caused by the redistribution of F_Ports, it is recommended to add new N_Ports to the module. For more information on adding N_Ports, see Adding an N_Port to a port group on page 20.
13
Failover policy
Failover policy
Access Gateway Failover and Failback policies ensure maximum uptime for the servers. When a port is configured as an N_Port and if by default, the Failover policy is enabled, F_Ports are not disabled if its N_Port goes off line. If you specify a Preferred Secondary N_Port for any of the F_Ports, and if the N_Port goes offline, the F_Ports will fail over to the Preferred Secondary N_Port, and then re-enable. The specified Preferred Secondary N_Port must be online; otherwise, the F_Ports will become disabled. Alternatively, if a Preferred Secondary N_Port is not set for any of F_Ports, the F_Ports will fail over to other online N_Ports belonging to the same N_Port group, and then re-enable. The FLOGI and FDISC requests are forwarded from F_Ports through the new N_Port. If multiple N_Ports are available as candidates for failover, Access Gateway selects one or more N_Ports so that the F_Ports are evenly balanced across all the N_Ports. Failover of F_Ports to new a N_Port generates a RASLOG message. The Failover policy allows hosts to automatically remap to an online N_Port if the primary N_Port goes offline. The Failover policy is enabled (or enforced) during power-up. The Failover policy evenly distributes the F_Ports that are mapped to an offline N_Port among all the online N_Ports. The Failover policy is a parameter of each N_Port. By default, the Failover policy is enabled for all N_Ports. The following sequence describes how a failover event occurs:
NOTE
An N_Port goes offline. All F_Ports mapped to that N_Port are disabled. If the N_Port Failover policy is enabled, and a Preferred Secondary N_Port is specified for the
F_Port and that N_Port is online, the F_Port fails over to the respective Preferred Secondary N_Port, and then re-enables.
NOTE
The Preferred Secondary N_Port is defined per F_Port. For example, if two F_Ports are mapped to a primary N_Port1, you can define a secondary N_Port for one of those F_Ports and not define a secondary N_Port for the other F_Port. Typically, this is done by the server administrator. You must determine whether you want to define a preferred secondary map for each of the servers or just a subset of the servers.
If the Preferred Secondary N_Port is not online, those F_Ports are disabled. If the Preferred Secondary N_Port is not set for any of the F_Ports, those F_Ports will fail over
to other available N_Ports belonging to the same N_Port group, and then re-enable.
The host establishes a new connection with the fabric.

Example: Failover Policy
This example shows the failover behavior in a scenario where two fabric ports go offline, one after the other. Note that this example assumes that no Preferred Secondary N_Port is set for any of the F_Ports.
First the Edge switch F_A1 port goes offline, as shown in Figure 4 on page 15 Example 1 (left),
causing the corresponding Access Gateway N_1 port to be disabled. The ports mapped to N_1 fail over; F_1 fails over to N_2 and F_2 fails over to N_3.
14
Failover policy
Next the F_A2 port goes offline, as shown in Figure 4 on page 15 Example 2 (right), causing
the corresponding Access Gateway N_2 port to be disabled. The ports mapped to N_2 (F_1, F_3, and F_4) fail over to N_3 and N_4. Note that the F_Ports are evenly distributed to the remaining online N_Ports and that the F_2 port did not participate in the failover event.
Example 1 Hosts Host_1 Access Gateway F_1 Fabric Edge Switch (Switch_A) Host_2 F_2 N_1 Host_3 F_3 F_A2 N_2 Host_4 F_4 Edge Switch (Switch_B) Host_5 F_5 N_3 Host_6 F_6 N_4 Host_7 F_7 F_B1
NPIV enabled NPIV enabled
Example 2 Hosts Host_1
Access Gateway F_1 Fabric Edge Switch (Switch_A)
F_A1
NPIV enabled
Host_2
F_2 N_1
F_A1
NPIV enabled
Host_3
F_3 F_A2 N_2

NPIV enabled
Host_4
F_4 Edge Switch (Switch_B)
Host_5
F_5 N_3
F_B1
NPIV enabled
F_B2
NPIV enabled
Host_6
F_6 N_4
F_B2
NPIV enabled
Host_7
F_7
Host_8
F_8
Host_8
F_8 Legend
Physical connection Mapped online Failover route online Original mapped route (offline)
FIGURE 4
Example 1 and 2 Failover policy behavior
Enabling the Failover policy

1. Connect to the switch and log in as admin. 2. Enter the ag command with the --failovershow <n_portnumber> operand to display the failover setting.
switch:admin> ag --failovershow 13 Failover on N_Port 13 is not supported
3. Enter the ag command with the --failoverenable <n_portnumber> operand to enable failover.
switch:admin> ag --failoverenable 13 Failover policy is enabled for port 13
15
Failback policy
Disabling the Failover policy

1. Connect to the switch and log in as admin. 2. Enter the ag command with the --failovershow <n_portnumber> operand to display the failover setting.
switch:admin> ag --failovershow 13 Failover on N_Port 13 is supported
3. Enter the ag --failoverdisable <n_portnumber> operand to disable failover.

switch:admin> ag --failoverdisable 13 Failover policy is disabled for port 13
Failback policy
The Failback policy automatically reroutes the F_Ports back to the primary mapped N_Ports as those N_Ports come back online, if the Failback policy is enabled for the N_Port. Only the originally mapped F_Ports fail back. In the case of multiple N_Port failures, only F_Ports that were mapped to the recovered N_Port experience failback. The remaining F_Ports are not redistributed among the online N_Ports during the failback. If the APC policy is enabled, by default, the failback policy is disabled. The Failback policy is an N_Port parameter. By default, the Failback policy is enabled. The following sequence describes how a failback event occurs:
NOTE
When an N_Port comes back online, with the Failback policy enabled, the F_Ports that were
originally mapped to it are disabled.
The F_Port is rerouted to the primary mapped N_Port, and then re-enabled. The host establishes a new connection with the fabric.
Example: Failback Policy
In Example 3, described in Figure 5 on page 17, the Access Gateway N_1 remains disabled because the corresponding F_A1 port is offline. However, N_2 comes back online. See Figure 4 on page 15 for the original fail over scenario. The ports F_1 and F_2 are mapped to N_1 and continue routing to N_3. Ports F_3 and F_4, which were originally mapped to N_2, are disabled and rerouted to N_2, and then enabled.
16
Failback policy
Example 3
Hosts Host_1 F_1
Access Gateway Edge Switch (Switch_A) F_A1 N_1
Fabric
Host_2
F_2
NPIV enabled
F_A2 Host_3 F_3 N_2

NPIV enabled
Host_4
F_4 N_3
Edge Switch (Switch_B) F_B1

NPIV enabled
Host_5
F_5 F_B2 N_4

NPIV enabled
Host_6
F_6
Host_7
F_7
Legend
Physical connection Mapped online Failover route online Original mapped route (offline)
Host_8
F_8
FIGURE 5
Failback policy behavior
Enabling the Failback policy

1. Connect to the switch and log in as admin. 2. Enter the ag --failbackshow command with the n_portnumber operand to display the failover setting.
switch:admin> ag --failbackshow 13 Failback on N_Port 13 is not supported
3. Enter the ag --failbackenable command with the n_portnumber operand to enable failover.
switch:admin> ag --failbackenable 13 Failback policy is enabled for port 13
Disabling the Failback policy

1. Connect to the switch and log in as admin. 2. Enter the ag --failbackshow command with the n_portnumber operand to display the failback setting.
switch:admin> ag --failbackshow 13 Failback on N_Port 13 is supported
3. Enter the ag --failbackdisable command with the n_portnumber operand to disable failover.
switch:admin> ag --failbackdisable 13
17
Cold Failover policy
Failback policy is disabled for port 13
Cold Failover policy

All F_Ports for an N_Port that goes offline are failed over to other N_Ports. However, if the N_Port fails to come online after the switch comes online, it triggers cold failover of its F_Ports. If any of these F_Ports have a Preferred Secondary N_Port set, and if the Preferred Secondary N_Port is online, those F_Ports fail over to the Preferred Secondary N_Port during cold failover. If the Preferred Secondary N_Port is not online, those F_Ports are disabled. If the Preferred Secondary N_Port is not set for any of these F_Ports, these F_Ports failover to any N_Ports on the switch so that the F_Ports are evenly balanced across all the N_Ports belonging to the same N_Port group.

When connecting a switch in AG mode to multiple fabrics or isolating a subset of servers from other servers, you can group a number of servers and its corresponding fabric ports. You can do this by enabling the Port Grouping policy (PG), which can only be performed on N_Ports. Port groups cannot be overlapped. This means that an N_Port cannot belong to two different groups. The Failover and Failback policies remain the same within each port group and the Preferred Secondary N_Port can only specify the N_Ports from the same port group. This is why it is recommended to form groups before defining the preferred secondary path. This behavior is only in Fabric OS v6.0.0. When upgrading from Fabric OS v6.0.0 to Fabric OS v6.2.0, the PG policy that was enforced in Fabric OS v6.0.0 continues to be enforced in Fabric OS v6.2.0 and the port groups are retained. For example, Figure 6 shows an example of pg0. If N_Port1 and 2 are in pg0 and F_Ports 1 and 2 are using N_Port1 and N_Port1 goes offline, then F_Ports1 and 2 are routed through N_Port2 because N_Port2 is in the same port group, pg0.
F_Port1 N_Port1
Fabric-1
F_Port2
Storage Array
AG
F_Port3 N_Port2
PG0
Fabric-2
F_Port4
FIGURE 6
Port Group Zero (pg0) setup
18
Figure 7 shows that if you create port groups and when an N_Port goes offline, the F_Ports being routed through that port will fail over to any of the N_Ports that are part of that port group and are currently active. For example, if N_Port4 goes offline then F_Ports7 and 8 are routed through to N_Port 3 as long as N_Port 3 is online because both N_Ports3 and 4 belong to the same port group, PG2. If no active N_Ports are available, the F_Ports are disabled. The F_Ports belonging to a port group do not failover to N_Ports belonging to another port group.
F_Port1 F_Port2 F_Port3 F_Port4
N_Port1
Fabric-1
N_Port2
Storage Array-1
AG
F_Port5 F_Port6 F_Port7 F_Port8 N_Port4 N_Port3
PG1
Fabric-2
Storage Array-2
PG2
FIGURE 7
Port grouping behavior
When a dual redundant fabric configuration is used, F_Ports connected to a switch in AG mode can access the same target devices from both of the fabrics. In this case, you must group the N_Ports connected to the redundant fabric into a single port group. It is recommended to have paths fail over to the redundant fabric when the primary fabric goes down.
F_Port1 N_Port1
Fabric-1
Storage Array-1
F_Port2
AG
F_Port3 N_Port2
PG1
Fabric-2
F_Port4
Storage Array-2
FIGURE 8 ATTENTION
Port Group 1 (pg1) setup
If N_Ports are connected to unrelated fabrics are grouped together, N_Port failover within a port group can cause the F_Ports to connect to a different fabric and the F_Ports may lose connectivity to the targets they were connected to before the failover, thus causing I/O disruption as shown in Figure 8.
19
You can create new port groups and add N_Ports to those groups. However, all N_Ports that are not part of any user-created port group are part of the default port group pg0. Because port groups cannot be overlapped, if you specify an N_Port as a Preferred Secondary N_Port and it already belongs to another port group, the Port Group creation fails. If the PG policy is disabled while a switch in AG mode is online, all the user-defined port groups are deleted, but the F_Port-to-N_Port mapping remain unchanged.
NOTE
Creating a port group

1. Connect to the switch and log in as admin. 2. Enter the command ag --pgcreate with the <PG_ID> <N_Port1;N_Port2;> [-n <PG_Name>] operands. For example, to create a port group FirstFabric that includes N_Ports 1 and 3:
switch:admin> ag --pgcreate 3 "1;3" -n FirstFabric1 Port Group 3 created successfully
3. Enter the command ag --pgshow to verify the port group was created.
switch:admin> ag --pgshow Port Group ID Port Group Name -----------------------------------0 None pg0 2 0;2 SecondFabric 3 1;3 FirstFabric ------------------------------------
Adding an N_Port to a port group

1. Connect to the switch and log in as admin. 2. Enter the command ag --pgadd with the <PG_ID> <N_Port1;N_Port2;> operands. If you add more than one N_Port you must separate them with a semicolon.
switch:admin> ag --pgadd 3 14 N_Port[s] are added to the port group 3
3. Enter the command ag --pgshow to verify the N_Port was added to the specified port group.
switch:admin> ag --pgshow PG_ID N_Ports PG_Name ----------------------------------------------------------------------------0 15 pg0 3 12;13;14 Test -----------------------------------------------------------------------------
Deleting an N_Port from a port group

1. Connect to the switch and log in as admin. 2. Enter the command ag --pgdel with the <PG_ID> <N_Port1;N_Port2;> operands.
switch:admin> ag --pgdel 3 13 N_Port[s] are added to the port group 3
20
3. Enter the command ag --pgshow to verify the N_Port was deleted from the specified port group.
switch:admin> ag --pgshow PG_ID N_Ports PG_Name ----------------------------------------------------------------------------0 13;15 pg0 3 12;14 Test -----------------------------------------------------------------------------
Removing a port group

1. Connect to the switch and log in as admin. 2. Enter the command ag --pgremove with the <PG_ID> operands.
switch:admin> ag --pgremove 3 Port Group 3 has been removed successfully
3. Enter the command ag --pgshow to verify the port group has been deleted.
switch:admin> ag --pgshow PG_ID N_Ports PG_Name ----------------------------------------------------------------------------0 12;13;14;15 pg0 -----------------------------------------------------------------------------
Renaming a port group

1. Connect to the switch and log in as admin. 2. Enter the command ag --pgrename with the <PG_ID> <newname> operands, for example, to rename port group with pgid 2 to "MyEvenFabric":
switch:admin> ag --pgrename 2 MyEvenFabric Port Group 2 has been renamed as MyEvenFabric successfully
3. Enter the command ag --pgshow to verify the port group has been renamed.
switch:admin> ag --pgshow PG_ID N_Ports PG_Name -------------------------------------0 None pg0 2 0;2 MyEvenFabric 3 1;3 FirstFabric
Disabling the Port Group policy

1. Connect to the switch and log in as admin. 2. Enter the command ag --policydisable with the pg operand.
switch:admin> ag --policydisable pg
3. Enter the command ag --pgshow to verify the Port Group policy is disabled.
switch:admin> ag --policyshow AG Policy Policy Name State ---------------------------------------------------------Port Grouping pg Disabled
21
Access Gateway policy enforcement matrix
Auto Port Configuration auto Disabled Advance Device Security ADS Disabled ----------------------------------------------------------
Access Gateway policy enforcement matrix

The following table shows which combinations of policies can co-exist with each other.
TABLE 5
Policies
Policy enforcement matrix

Auto Port Configuration
N/A Mutually exclusive Can co-exist Can co-exist
Port Grouping
Mutually exclusive N/A Can coexist Can co-exist
N_Port Trunking
Can co-exist Can co-exist N/A Can co-exist
ADS Policy
Can co-exist Can co-exist Can co-exist N/A
Auto Port Configuration N_Port Grouping N_Port Trunking ADS Policy
Access Gateway trunking

On switches running in Access Gateway mode, the masterless trunking feature trunks N_Ports because these are the only ports that connect to the Enterprise fabric. After you map or assign F_Ports to an N_Port, the N_Port distributes frames across a set of available path links on the module because these are the only ports that connect the Enterprise fabric to an adjacent Edge switch. To use Access Gateway masterless trunking, all trunking must be configured on the Edge switch. No configuration on the AG module is necessary. Following are the advantages of Access Gateway trunking:
When one or more N_Ports in a trunk group goes offline, there is no change in the PID for the
F_Port(s) that were mapped to the N_Port(s) as long as at least one N_Port in the trunk group is active. This provides for a transparent failover and failback within the trunk group.
Trunked links are more efficient because of the trunking algorithm implemented in the
switching ASICs that distributes the I/O more evenly across all the links in the trunk group.
Trunk groups cannot span across multiple N_Port groups within an AG module in AG mode. Multiple trunk groups are allowed within the same N_Port group.
On the Edge switch, this feature is called F_Port trunking or masterless F_Port trunking. Because the entire configuration for AG Trunking is done on the Edge switch, the information here is applicable to the Edge switch module and not the AG module. The only requirements on the AG module is to ensure that the ISL Trunking license is installed. Because you must configure the trunking on the Edge switch, F_Port trunking provides a Trunk group between N_Ports on the AG module and F_Ports on the Edge switch module. This feature keeps AGs F_Port(s) from becoming disabled in the case where an N_Port within the trunk group fails. No failover occurs as long as there is at least one active link in the trunk group. With trunking, any link within a trunk can go off line or become disabled, but the trunk remains fully functional and no re-configuration is required.
NOTE
22
Trunking prevents reassignments of the Port ID (also referred to as the Address Identifier as described in Table 7 on page 26) when N_Ports go offline. You must install the Brocade ISL license on both the Edge switch and the module running in AG mode and you must ensure that both modules running Fabric OS v6.1.0 or later. All ports within a trunk group must be part of the same port group; ports outside of a port group cannot form a trunk group. For more information on Port Groups, see Port Grouping policy on page 18. If a switch already has an ISL Trunking license, no new license is required to use it on AG N_Port masterless trunking; Also, after a trunking license is installed on a switch in AG mode and you change the switch to standard mode, you can keep the same license. Access Gateway does not work on M-EOS or third party switches. To implement F_Port masterless trunking on the Edge switch, you must first configure an F_Port Trunk group and statically assign an Area_ID within the trunk group. Assigning a Trunk Area (TA) to a port or trunk group enables F_Port masterless trunking on that port or trunk group. When a TA is assigned to a port or trunk group, the ports will immediately acquire the TA as the area of its process IDs (PID). And when a TA is removed from a port or trunk group, the port reverts to the default area as its PID.
NOTE
Access Gateway trunking considerations for the Edge switch

TABLE 6
Category
Area assignment

Description
You statically assign the area within the trunk group on the Edge switch. That group is the F_Port masterless trunk. The static trunk area you assign must fall within the F_Port trunk group starting from port 0 on a Edge switch or blade. The static trunk area you assign must be one of the ports default areas of the trunk group.
Authentication
Authentication occurs only on the F_Port trunk master port and only once per the entire trunk. This behavior is same as E_Port trunk master authentication. Because only one port in the trunk does FLOGI to the switch, and authentication follows FLOGI on that port, only that port displays the authentication details when you issue the portshow command. Note: Switches in Access Gateway mode do not perform authentication.
Management Server
Registered Node ID (RNID), Link Incident Record Registration (LIRR), and (QSA) Query Security Attributes ELSs are not supported on F_Port trunks. The port must be disabled before assigning a Trunk Area on the Edge switch to the port or removing a Trunk Area from a trunk group. You cannot assign a Trunk Area to ports if the standby CP is running a firmware version earlier than Fabric OS v6.2.0.
Trunk area
23
TABLE 6
Category
PWWN

Description
The entire Trunk Area trunk group share the same Port WWN within the trunk group. The PWWN is the same across the F_Port trunk that will have 0x2f or 0x25 as the first byte of the PWWN. The TA is part of the PWWN in the format listed in Table 7 on page 26. You can have trunking on, but you must disable the trunk ports before performing a firmware downgrade. Note: Removing a Trunk Area on ports running traffic is disruptive. Use caution before assigning a Trunk Area if you need to downgrade to a firmware earlier than Fabric OS v6.1.0.
Downgrade
Upgrade HA Sync
No limitations on upgrade to Fabric Os v6.1.0 if the F_Port is present on switch. Upgrading is not disruptive. If you plug in a standby-CP with a firmware version earlier than Fabric OS v6.1.0 and a Trunk Area is present on the switch, the CP blades will become out of sync. Only F_Port trunk ports are allowed on a Trunk Area port for Fabric OS v6.1.0. All other port types that include F/FL/E/EX are persistently disabled in Fabric OS v6.1.0. Port X is a port that has its Default Area the same as its Trunk Area. The only time you can remove port X from the trunk group is if the entire trunk group has the Trunk Area disabled. portCfgTrunkPort <port>, 0 will fail if a Trunk Area is enabled on a port. The port must be Trunk Area disabled first. switchCfgTrunk 0 will fail if a port has TA enabled. All ports on a switch must be TA disabled first. When you assign a Trunk Area to a trunk group, the Trunk Area cannot be port swapped; if a port is swapped, then you cannot assign a Trunk Area to that port. No more than one trunk master in a trunk group. The second trunk master will be persistently disabled with reason "Area has been acquired. When you assign a Trunk Area to a trunk group, the trunk group cannot have fast write enabled on those ports; if a port is fast write enabled, the port cannot be assigned a Trunk Area. FICON is not supported on F_port trunk ports. However, FICON can still run on ports that are not F_Port trunked within the same switch. F_Port masterless trunking is supported on ports 16-43 on the FC8-48 blade. On the FC8-48 and FC4-48C blades F_Port trunking supported only on ports 0 - 15. If an FC4-32 (Electron) blade has the Trunk Area enabled on ports 16 - 31 and the blade is swapped with an FC4-48C and FC8-48 blade, the Trunk Area ports will be persistently disabled. You can run the porttrunkarea command to assign a Trunk Area on those ports. You must first enable Trunking on the port before the port can have a Trunk Area assigned to it.
Port Types
Default Area
portCfgTrunkPort <port>, 0 switchCfgTrunk 0 Port Swap
Trunk Master
Fast Write
FICON
FC8-48 and FC4-48C blades
FC4-32 blade
Trunking
24
TABLE 6
Category
PID format

Description
F_Port masterless trunking is only supported in CORE PID format. Long distance is not allowed on F_Port trunks, which means a Trunk Area is not allowed on long distance ports; you cannot enable long distance on ports that have a Trunk Area assigned to them. Port mirroring is not supported on Trunk Area ports or on the PID of an F_Port trunk port. If you issue the configdownload command for a port configuration that is not compatible with F_Port trunking, and the port is Trunk Area enabled, then the port will be persistently disabled. Note: Configurations that are not compatible with F_Port trunking are long distance, port mirroring, non-CORE_PID, and Fastwrite.
Long Distance
Port mirroring configdownload
ICL Port AD DCC Policy
F_Port trunks are not allowed on ICL Ports. The porttrunkarea command does not allow it. You cannot create a Trunk Area on ports with different Admin Domains. You cannot create a Trunk Area in AD255. DCC policy enforcement for the F_Port trunk is based on the Trunk Area; the FDISC requests to a trunk port is accepted only if the WWN of the attached device is part of the DCC policy against the TA. The PWWN of the FLOGI sent from the AG will be dynamic for the F_Port trunk master. Because you do not know ahead of time what PWWN AG will use, the PWWN of the FLOGI will not go through DCC policy check on an F_Port trunk master. However, the PWWN of the FDISC will continue to go through DCC policy check. Creating a Trunk Area may remove the Index ("I") from the switch to be grouped to the Trunk Area. All ports in a Trunk Area share the same "I". This means that Domain,Index (D,I), which refer to an "I", that might have been removed, will no longer be part of the switch. Note: Ensure to include AD, zoning and DCC when creating a Trunk Area. You can remove the port from the Trunk Area to have the "I" back into effect. D,I will behave as normal, but you may see the effects of grouping ports into a single "I". Also, D,I continues to work for Trunk Area groups. The "I" can be used in D,I if the "I" was the "I" for the Trunk Area group. Note: I refers to Index and D,I refers to Domain,Index.
D.I. Zoning (D,I) AD (D, I) DCC and (PWWN, I) DCC
Two masters QoS
Two masters is not supported in the same F_Port trunk group. Not currently supported.
25
The following table describes the PWWN format for F_Port and N_Port trunk ports.
TABLE 7
NAA = 2
PWWN format for F_Port and N_Port trunk ports

2f:xx:nn:nn:nn:nn:nn:nn (1) 25:xx:nn:nn:nn:nn:nn:nn (1) Port WWNs for: switchs FX_Ports. Port WWNs for: switch's FX_Ports The valid range of xx is [0 - FF], for maximum of 256. The valid range of xx is [0 - FF], for maximum of 256.
NAA = 2
Trunk group creation

Port trunking is enabled between two separate Fabric OS switches that support trunking and where all the ports on each switch reside in the same quad and are running the same speed. Trunk groups form when you connect two or more cables on one Fabric OS switch to another Fabric OS switch with ports in the same port group or quad. A port group or a quad is a set of sequential ports, for example ports 0-3. The Brocade 300 switch supports a trunk group with up to eight ports. The trunking groups are based on the user port number, with contiguous eight ports as one group, such as 0 7, 8- 15, 16-23 and up to the number of ports on the switch.
Setting up F_Port trunking

F_Port trunking is enabled between two separate Fabric OS switches that support trunking and where all the ports on each switch reside in the same quad and are running the same speed. Trunk groups form when you connect two or more cables on one Fabric OS switch to another Fabric OS switch with ports in the same port group or quad. A port group or a quad is a set of sequential ports, for example ports 0-3 in the figure shown below. The Brocade 300 platform supports a trunk group with up to eight ports. The trunking groups are based on the user port number, with contiguous eight ports as one group, such as 0 7, 8- 15, 16-23 and up to the number of ports on the switch. 1. Connect to the switch and log in as admin. 2. Ensure that both modules (Edge switch and the switch running in AG mode) have the trunking licenses enabled. 3. Ensure that the ports have trunking enabled by issuing the portcfgshow command. If Trunking is not enabled, issue the portcfgtrunkport <port>, 1 command. 4. Ensure that ports will become the same speed within the trunk. 5. Ensure that Edge switch F_Port trunk ports are connected within the asic supported trunk group on AG switch. 6. Ensure that both modules are running the same Fabric OS versions. 7. Configure the trunk on the Edge switch by assigning the Trunk Area (TA) using the Assigning a Trunk Area procedure.
8. Enable F_Port trunking.
26
Assigning a Trunk Area

You must enable trunking on all ports to be included in a Trunk Area before you can create a Trunk Area. Use the portCfgTrunkPort or switchCfgTrunk command to enable trunking on a port or on all ports of a switch. Issue the porttrunkarea command to assign a static TA on a port or port trunk group, to remove a TA from a port or group of ports in a trunk, and to display masterless trunking information. You can remove specified ports from a TA using the porttrunkarea --disable command; however this command does not unassign a TA if its previously assigned Area_ID is the same address identifier (Area_ID) of the TA unless all the ports in the trunk group are specified to be unassigned. For more information on the porttrunkarea command, enter help porttrunkarea or see the Fabric OS Command Reference. F_Port trunking will not support shared area ports 16 - 47 on the Brocade FC8-48 and FC4-48C blades. The following table shows an example of the Address Identifier.
TABLE 8
23 22 21
Address identifier
20 19 18 17 16 15 14 13 12
Area_ID Address Identifier
11
10
7 6
Port ID
1 0
Domain ID
1. Connect to the switch and log in as admin. 2. Disable the ports to be included in the TA. 3. Enable TA for ports 13 and 14 on slot 10 with port index of 125:
switch:admin> porttrunkarea --enable 10/13-14 -index 125 Trunk index 125 enabled for ports 10/13 and 10/14
4. Show the TA port configuration (ports still disabled):

switch:admin> porttrunkarea --show enabled Slot Port Type State Master TI DI ------------------------------------------10 13 ---125 125 10 14 ---125 126 -------------------------------------------
5. Enable ports 13 and 14:

switch:admin> portenable 10/13 switch:admin> portenable 10/14
6. Show the TA port configuration after enabling the ports:

switch:admin> porttrunkarea --show enabled Slot Port Type State Master TI DI ------------------------------------------10 13 F-port Master 10/13 125 125 10 14 F-port Slave 10/13 125 126
27
Configuration management for trunk areas
Enabling the DCC policy on trunk

1. After you assign a Trunk Area, the porttrunkarea CLI checks whether there are any active DCC policies on the port with the index TA, and then issues a warning to add all the device WWNs to the existing DCC policy with index as TA. All DCC policies that refer to an Index that no longer exist will not be in effect. 2. Add the WWN of all the devices to the DCC policy against the TA. 3. Issue the secpolicyactivate command to activate the DCC policy. You must enable the TA before issuing the secpolicyactivate command in order for security to enforce the DCC policy on the trunk ports. 4. Turn on the trunk ports. Trunk ports should be turned on after issuing the secpolicyactivate command to prevent the ports from becoming disabled in the case where there is a DCC security policy violation.

Ports from different ADs are not allowed to join the same Trunk Area group. The porttrunkarea command prevents the different AD's from joining the TA group. When you assign a TA, the ports within the TA group will have the same Index. The Index that was assigned to the ports is no longer part of the switch. Any Domain,Index (D,I) AD that was assumed to be part of the domain may no longer exist for that domain because it was removed from the switch.
Example: How Trunk Area assignment affects the port Domain,Index
If you have AD1: 3,7; 3,8; 4,13; 4,14 and AD2: 3,9; 3,10, and then create a TA with Index 8 with ports that have index 7, 8, 9, and 10. Then index 7, 9, and 10 are no longer with domain 3. This means that AD2 does not have access to any ports because index 9 and 10 no longer exist on domain 3. This also means that AD1 no longer has 3,7in effect because Index 7 no longer exists for domain 3. AD1's 3,8, which is the TA group, can still be seen by AD1 along with 4,13 and 4,14. A port within a TA can be removed, but this adds the Index back to the switch. For example, the same AD1 and AD2 with TA 8 holds true. If you remove port 7 from the TA, it adds Index 7 back to the switch. That means AD1's 3,7 can be seen by AD1 along with 3,8; 4,13 and 4,14.
Enabling Access Gateway trunking

1. Disable ports 36 - 39 by executing portdisable port for each port to be included in the TA. 2. Enable Trunk Area for ports 36 - 39 with area number 37:
switch:admin> porttrunkarea --enable 36-39 -index 37 Trunk area 37 enabled for ports 36, 37, 38 and 39.
3. Re-enable ports 36-39 by executing portenable port for each port in the TA. 4. Show switch/port information:
switch:admin> switchshow switchName: SPIRIT_B4_01
28
switchType: 66.1 switchState: Online switchMode: Native switchRole: Principal switchDomain: 2 switchId: fffc02 switchWwn: 10:00:00:05:1e:41:22:80 zoning: OFF switchBeacon: OFF FC Router: ON FC Router BB Fabric ID: 100 Area Port Media Speed State Proto ===================================== 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 --------id -----------------------id id id id id id id id N8 N8 N8 N8 N8 N8 N8 N8 N4 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N8 N4 N4 N4 N4 N4 N4 N4 N4 No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module Online No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Module No_Light No_Light No_Light No_Light Online Online Online Online
F-Port
10:00:00:00:00:01:00:00
F-Port F-Port F-Port F-Port
20:14:00:05:1e:41:4b:4d 20:15:00:05:1e:41:4b:4d 20:16:00:05:1e:41:4b:4d 2 NPIV public
5. Display TA enabled port configuration:

switch:admin> porttrunkarea --show enabled
29
Access Gateway Cascading
Port Type State Master TA DA ------------------------------------36 ---37 36 37 ---37 37 38 ---37 38 39 ---37 39
Disabling F_Port trunking

1. Connect to the switch and log in as admin. 2. Enter the porttrunkarea --disable command.
switch:admin> porttrunkarea --disable 36-39 ERROR: port 36 has to be disabled
Disable each port prior to removing ports from the TA. Then reissue the command:
switch:admin> porttrunkarea --disable 36-39 Trunk area 37 disabled for ports 36, 37, 38 and 39.
F_Port Trunking monitoring

For F_Port masterless trunking, you must install Filter, EE or TT monitors on the F_Port trunk port. Whenever the master port changes, it is required to move the monitor to the new master port. For example, if a master port goes down, a new master is selected from the remaining slave ports. APM must delete the monitor from the old master and install the monitor on new master port. If you attempt to add a monitor to a slave port, it is automatically added to the master port.

Access Gateway cascading is when you connect two Access Gateway (AG) switches linking one end as an N_Port and the other end as an F_Port. The AG switch that is directly connected to the fabric is referred to as the Core AG. The AG switch that is connected to the device is referred to as the Edge AG. The following figure describes Access Gateway cascading.
30
FIGURE 9
Access Gateway cascading
Ports are connected between the two AG switches, which are connected to each other. AG cascading connections between devices increase the network use because cascading provides higher over-subscription while allowing you to consolidate the number of ports going to the main fabric. There is no license requirement to use this feature. The configuration considerations when cascading Access Gateway modules/switches are:
You can enable the Port Grouping (PG) policy on both the Edge and Core AG switches. Only one level of cascading is supported. Note that several Edge AGs can connect into a single
Core AG to support higher consolidation ratios.
AG trunking between the Edge and Core AG switches is not supported. Trunking between the
Core AG switch and the fabric is supported.
It is recommended you enable the Advanced Security Policy (ADS) on the AG F_Ports that are
directly connected to the servers.
APC policy is not supported when cascading. Loopbacks (Core AG N_port to Edge AG F_Port) are not allowed. The agshow command issued on the fabric will discover only the Core AG switches. If issued as
agshow --name <AG Name>, then the F_ports of both the Core and Edge AG switches will be shown for the Core AG switch.
31
32
Chapter
Connecting Devices Using Access Gateway
In this chapter
Connectivity of multiple devices overview . . . . . . . . . . . . . . . . . . . . . . . . . . . Fabric and Edge switch configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Connectivity to Cisco Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Rejoining switches to a fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
33 33 35 40 43
Connectivity of multiple devices overview

This chapter describes how to connect multiple devices to a switch in Access Gateway (AG) mode, discusses Edge switch compatibility, port requirements, NPIV HBA, and interoperability. Access Gateway supports Direct Target Attach, which allows you to directly attach a target device to a switch in AG mode if the AG switch is connected to an external fabric. AG does not support daisy chaining when two AG devices are connected to each other. Switches in AG mode can connect to other types of fabrics on Edge switches with the following firmware versions:
M-EOSc v9.6.2 or later and M-EOSn v9.6 Cisco v3.0(1) or later, v3.1(1) or later, and v3.2(1) or later. Only FCP initiator ports can be connected to a switch in AG mode as F_Ports. FCP target ports
are supported if a switch in AG mode is connected to an external switch. Loop devices and FICON channels/control unit connectivity are not supported.
When a switch is in AG mode, it can be connected to NPIV-enabled HBAs, or F_Ports that are
NPIV-aware. Access Gateway supports NPIV industry standards per FC-LS-2 v1.4.
Fabric and Edge switch configuration

To connect hosts to the fabric using Access Gateway, configure the fabric using the following parameters. These parameters apply to Fabric OS, M-EOS, and Cisco-based fabrics:
Install and configure the switch as described in the switchs Hardware Reference Manual
before performing these procedures.
Verify that the interop mode parameter is set to 0, Brocade Native mode, or the switch mode is
in Native mode.
Configure the F_Ports on the Edge switch to which Access Gateway is connected as follows: Enable NPIV. Disable long distance mode.
33
Fabric and Edge switch configuration
Allow multiple logins. The recommended fabric login setting is the maximum allowed per
port and per switch.
Use only WWN zoning throughout the fabric. Access Gateway does not support domain ID and
other types of zoning schemes.
Include the Access Gateway WWN or the port WWN of the N_Ports, also include the HBA WWNs
that will be connected to AG F_Ports to the ACL list in ACL policies.
Allow inband queries for forwarded fabric management requests from the hosts. Add the
Access Gateway switch WWN to the access list if inband queries are restricted. Before connecting Access Gateway to a Fabric OS fabric, disable the Fabric OS Management Server Platform Service.
NOTE
Verifying the switch mode

1. Connect to the switch and log in as admin. 2. Enter the switchShow command to display the current switch configuration. The following example shows a switch in the Fabric OS Native mode where switchMode displays as Native.
switch:admin> switchshow switchName: switch switchType: 43.2 switchState: Online switchMode: Native switchRole: Principal switchDomain: 1 switchId: fffc01 switchWwn: 10:00:00:05:1e:03:4b:e7 zoning: OFF switchBeacon: OFF Area Port Media Speed State Proto ===================================== 0 0 -N4 No_Module 1 1 cu N4 Online 2 2 cu N4 Online 3 3 cu AN No_Sync 4 4 cu AN No_Sync 5 5 cu N4 Online 6 6 cu N4 Online 7 7 cu AN No_Sync 8 8 cu AN No_Sync 9 9 cu AN No_Sync 10 10 cu AN No_Sync 11 11 cu AN No_Sync 12 12 cu AN No_Sync 13 13 cu AN No_Sync 14 14 cu AN No_Sync 15 15 cu AN No_Sync 16 16 cu AN No_Sync 17 17 -N4 No_Module 18 18 -N4 No_Module 19 19 -N4 No_Module
F-Port F-Port
50:06:0b:00:00:3c:b7:32 10:00:00:00:c9:35:43:f5
Disabled (Persistent) F-Port 50:06:0b:00:00:3c:b4:3e F-Port 10:00:00:00:c9:35:43:f3 Disabled (Persistent) Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled (Persistent) (Persistent) (Persistent) (Persistent) (Persistent) (Persistent) (Persistent) (Persistent)
34
Connectivity to Cisco Fabrics
20 20 21 21 master) 22 22 23 23
-id id id
N4 N4 N4 N4
No_Module Online Online Online
E-Port E-Port E-Port
segmented,(zone conflict)(Trunk (Trunk port, master is Port 21 ) (Trunk port, master is Port 21 )
See Table 10 on page 41 for a description of the port state. If the switch is in Native mode, you can enable AG mode; otherwise, set the switch to Native mode, and then reboot the switch.
Setting the Fabric OS switch to Native Mode

1. Connect to the switch and log in as admin. 2. Enter the switchDisable command to disable the switch.
switch:admin> switchdisable
3. Save the switch configuration using the configUpload command. a. b. Verify that the FTP service is running on the host computer. Enter the configUpload command. The command becomes interactive and you are prompted for the required information. 4. Enter the configure command and verify that interop mode is set to 0.
Enabling NPIV on the M-EOS switch

1. Connect to the switch and log in as admin on the M-EOS switch. 2. Enable the MS services by entering the following command:
config OpenSysMs setState
3. Enable NPIV functionality on the Edge fabric ports so that multiple logins are allowed for each port. Enter the following command on the M-EOS switch to enable NPIV on the specified ports.
config NPIV
Your M-EOS switch is now ready to connect.
NOTE
You can run the agshow command to display Access Gateway information registered with the fabric. When an Access Gateway is exclusively connected to Non-FOS based switches, it will not show up in the agshow output on other Brocade Switches in the fabric.

When connecting a switch in Access Gateway mode to a Cisco fabric where certain QLogic-based devices are present behind the switch in AG mode, some QLogic FC ASIC-based Host Bus Adapters (HBA)s are not compatible with the routing mechanism used by switches in AG mode.
35
In this case, you must configure the Cisco switch using the Cisco provided procedures to ensure interoperability with Access Gateway. If you are using Emulex HBAs or any other HBAs that are not based on QLogic FC ASIC technology, ensure that N_Port ID Virtualization (NPIV) is enabled on the Cisco switch and that the switch is running SAN-OS 3.0 (1) or SAN-OS 3.1 (1) or later. By default, NPIV is enabled per switch and not per port.
Access Gateway routing requirements with Cisco fabrics

The routing mechanism that switches in AG mode and the work around from Cisco to enable Cisco MDS switches to interoperate with certain QLogic-based devices behind the AG switch is based on the Cisco Company ID list. Expanding the 8-bit ALPA routing in AG to 16-bit routing, which uses both the Area and the ALPA fields, allows AG to handle PIDs with lower 8 bits. In ALPA routing mode, Cisco switches assign PIDs to NPIV devices that differ in the lower 16 bits and assign PIDs for NPIV logins in the format of ddXXXX. Fabric OS switches assigns PIDs in the format of ddaaXX. You can configure these switches to route frames to a destination port based on the lower 16 bits in the PID. Because switches in AG mode use the lower 8 bits of the FCID (that is, the ALPA/Port_ID field) to route the frames between its F_Ports (connected to servers) and N_Ports (connected to the fabric) Access Gateway cannot accept:
Two FCIDs with the same lower 8 bits on the same N_Port (for example, 0xaabb02 and
0xccdd02)
A "00" in the ALPA/Port_ID field of the FCID, which is returned for F_Ports logins (that is, server
HBA logins behind AG, also known as FDISC logins. If either of these two situations is detected, the switch in AG mode persistently disables the server ports with the reason code "Duplicate ALPA detected."
Enabling NPIV on a Cisco switch

1. Log in as admin on the Cisco MDS switch. 2. Enter the show version command to determine that you are using the correct SAN-OS version and to see if NPIV is enabled on the switch. 3. Enter the following commands to enable NPIV:
conf t enable npiv
4. Press Ctrl-Z to exit. 5. Enter the following commands to save the MDS switch connection:
copy run start
Your Cisco switch is now ready to connect to a switch in Access Gateway mode.
36
Workaround for QLogic-based devices

If there are QLogic-based devices behind a switch in AG mode, you must use the Cisco provided procedures to connect to a Fabric OS switch in AG mode to a Cisco fabric. Cisco software maintains a list of QLogic-based HBAs. Each HBA is identified by its company ID (also know as Organizational Unit Identifier, or OUI) used in the PWWN during a fabric log in. You can modify the Cisco Company ID entries using the CLI.
NOTE
You must set the fcinterop FC ID allocation scheme to auto and use the company ID list and persistent FC ID configuration to manipulate the FC ID device allocation. Table 9 shows the Cisco Company ID list, which shows the OUI ID as the three middle bytes of the World Wide Name (WWN). This OUI ID format is used for initiator devices.
TABLE 9
00:E0:8B 00:09:6B 00:11:25 00:50:8B
OUI IDs that require special treatment

OUI ID
00:02:6B 00:06:2B 00:14:5E 00:A0:B8 WWN: 00:00:11:22:33:00:00:00 OUI
00:60:B0 00:90:A5 00:50:2E
00:D0:60 00:E0:69 00:D0:B2
For detailed documentation on the FCID allocation for HBAs, go to: http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_2_x/san-os/configu ration/guide/adv.html#wp1127676
Editing Company ID List if no FC target devices on switch

You can connect a Cisco MDS switch to a switch in AG mode if there are no FC target devices, such as storage arrays on the Cisco switch. You can do this by editing the Company ID List or by placing the Cisco switch FCID allocation mode into FLAT mode. 1. Connect to the switch and log in as admin on the Cisco MDS switch. 2. From the Company ID List, delete the OUI IDs of all the HBAs that are connected through the switch in AG mode. 3. Delete the OUI IDs if and only if they are in the Company ID List. 4. Enter the following commands to determine the OUIs in the Company ID List:
switch#_show fcid-allocation area FCID area allocation company id info: 00:50:2E <- Default entry 00:50:8B 00:60:B0 00:E0:79 00:0D:60 + <- User added entry 00:09:6B + <- User added entry
37
00:E0:8B * <- Explicitly deleted entry (from the original default list) Total company ids 6 + - Additional user configured company ids * -Explicitly deleted company ids from default list.
Adding or deleting an OUI from the Company ID List

The following example shows how to add or delete an OUI (0x112233) from the Company ID List. 1. Enter the following command:
config t
2. Enter the following command to add the OUI ID 0x112233 to list:

fcid-allocation area company-id 0x112233
3. Enter the following command to delete the OUI ID 0x445566 from list:
no fcid-allocation area company-id 0x445566
4. Enter the following command to display the list:

do show fcid-allocation area
5. Press Ctrl-Z to exit. 6. Issue the following command to save the MDS switch configuration.
copy run start
Ensure that the OUI IDs of the attached target devices are listed in the updated Company ID List. After you update the list, you are ready to connect the Access Gateway device. If any of the AG server ports (F_Ports) report that the port is disabled with reason code Duplicate ALPA Detected, then use the follow considerations:
Ensure that the debug FLOGI mode is not enabled; Cisco does not support NPIV when FLOGI
debug is set. Run the show debug flogi command to verify that the FLOGI mode is not enabled. If the FLOGI mode is enabled, you must disable it using the following FLOGI debug commands:
config t no flogi debug Press Ctrl-Z to exit copy run start Saves MDS switch configuration
By default, if this is a new or an existing VSAN to use with the switch in Access Gateway mode,
the default policy for access is "deny." Either set it to "permit" or zone the devices for access.
Access Gateway is compatible with Cisco VSAN, Dynamic Port VSAN (DVPM), and Inter-VSAN
Routing (IVR) features; however, you may need to use the AG Port Grouping policy to take full advantage of these MDS features. For more information on the Port Grouping policy, see the Port Grouping policy on page 18.
38
Enabling Flat FCID mode if no FC target devices on switch

1. Alternatively, you can place the Cisco switch FCID allocation mode into FLAT mode by entering the following commands:
config t fcinterop fcid-allocation flat
2. Enter the following command to enable VSAN mode:

vsan database
3. Enter the following commands to enable the Flat FCID mode:

vsan <vsan#> suspend no vsan <vsan#> suspend
4. Press Ctrl-Z to exit. 5. Enter the following command to save the MDS switch configuration:
copy run start
NOTE
If there are any device(s) in the VSAN that you suspend, it takes that device offline until you unsuspend that VSAN.
Editing Company ID list if target devices on switch

If there are target devices on the switch, you must add the OUI of all the target devices present on the switch to the Company ID list, and then delete the OUI IDs of all the HBAs that are connected through the switch in Access Gateway mode from the Company ID list. You must remove the OUI IDs if and only if they are in the Company ID list. Use the following commands to determine if the OUIs in the Company ID list:
switch#_show fcid-allocation area FCID area allocation company id info: 00:50:2E <- Default entry 00:50:8B 00:60:B0 00:E0:79 00:0D:60 + <- User -added entry 00:09:6B + <- User -added entry 00:E0:8B * <- Explicitly deleted entry (from the original default list) Total company ids 6 + - Additional user configured company ids * -Explicitly deleted company ids from default list.
You can also use the Persistent FCID field in the Cisco GUI tool to manually assign the FCIDs to QLogic-based devices behind the Access Gateway module. If you use the method, ensure that proper FCIDs are assigned, which have a different Area field from the target devices connected to the same MDS switch. See Access Gateway routing requirements with Cisco fabrics on page 36 to ensure that the switch meets the AG routing requirements.
NOTE
39
Access Gateway mode
Access Gateway mode

Before enabling a switch to AG mode, you must save the switch configuration because after you enable AG mode, some fabric information is erased, such as the zone and security databases. For information on backing up and restoring the configuration file, refer to the Fabric OS Administrators Guide. Enabling AG mode is disruptive; the switch is disabled and rebooted. You must verify that the switch is set to Native mode or interopmode 0. Run the switchshow command to verify the switch mode. If the switch mode is anything other than 0, you must run the interopmode 0 command to set the switch to Native mode. For more information on setting switches to Native mode, see Setting the Fabric OS switch to Native Mode on page 35. For more information on ag commands, refer to the Fabric OS Command Reference. If you are setting the Brocade 300 and 200E switches to AG modes, you must enable all ports using POD licensing before enabling Access Gateway mode. The maximum number of AGs that can be connected to an Edge switch is 30. The maximum number of devices that can be connected to a Fabric OS switch through AG depends on the maximum number of local devices that are supported by Fabric OS.
NOTE
Enabling Access Gateway mode

Ensure that no zoning or AD transaction buffers are active. If any transaction buffer is active, enabling AG mode will fail with the error, Failed to clear Zoning/Admin Domain configuration. 1. Enter the ag --modeenable command.
switch:admin> ag --modeenable
The switch automatically reboots and comes back online in AG mode using a factory default F_Port-to-N_Port mapping. For more information on AG default F_Port-to-N_Port mapping, see Table 11 on page 53. 2. Enter the ag --modeshow command to verify that AG mode is enabled.
switch:admin> ag --modeshow Access Gateway mode is enabled.
3. Enter the ag --mapshow command without any options to display all the mapped ports. The ag --mapshow command shows all the N_Ports (with the portcfgnport value of 1) even if those N_Ports are not connected.
switch:admin> ag --mapshow N_Port Configured_F_Ports Current_F_Ports Failover Failback PG_ID PG_Name ----------------------------------------------------------------------------0 4;5;6 4;5;6 1 0 2 SecondFabric 1 7;8;9 7;8;9 0 1 0 pg0 2 10;11 10;11 1 0 2 SecondFabric 3 12;13 12;13 0 1 0 pg0 -----------------------------------------------------------------------------
40
Access Gateway mode
4. Enter the switchShow command without any options to display the status of all ports.
switch:admin> switchshow switchName: switch switchType: 43.2 switchState: Online switchMode: Access Gateway Mode switchWwn: 10:00:00:05:1e:03:4b:e7 switchBeacon: OFF
Area Port Media Speed State Proto ===================================== 0 0 -N4 No_Module 1 1 cu N4 Online 2 2 cu N4 Online 3 3 cu N4 Online 4 4 cu N4 Online 5 5 cu N4 Online 6 6 cu N4 Online 7 7 cu AN No_Sync 8 8 cu N4 Online 9 9 cu AN No_Sync 10 10 cu AN No_Sync 11 11 cu AN No_Sync 12 12 cu AN No_Sync 13 13 cu AN No_Sync 14 14 cu AN No_Sync 15 15 cu AN No_Sync 16 16 cu AN No_Sync 17 17 -N4 No_Module 18 18 -N4 No_Module 19 19 id N4 No_Light 20 20 -N4 No_Module 21 21 id N4 Online 22 22 id N4 Online 23 23 id N4 Online
F-Port 50:06:0b:00:00:3c:b7:32 F-Port 10:00:00:00:c9:35:43:f5 F-Port 50:06:0b:00:00:3c:b6:1e F-Port 10:00:00:00:c9:35:43:9b F-Port 50:06:0b:00:00:3c:b4:3e F-Port 10:00:00:00:c9:35:43:f3 Disabled (Persistent) F-Port 10:00:00:00:c9:35:43:a1 Disabled (Persistent) Disabled (Persistent) Disabled (Persistent) Disabled (Persistent) Disabled (Persistent) Disabled (Persistent) Disabled (Persistent) Disabled (Persistent)
0x5a0101 0x5a0003 0x5a0102 0x5a0002 0x5a0201 0x5a0202 0x5a0001
N-Port N-Port N-Port
10:00:00:05:1e:35:10:1e 0x5a0200 10:00:00:05:1e:35:10:1e 0x5a0100 10:00:00:05:1e:35:10:1e 0x5a0000
Port States
The following table describes the possible port states.
TABLE 10
State
No _Card No _Module Mod_Val Mod_Inv No_Light No_Sync In_Sync Laser_Flt Port_Flt
Port state description

Description
No interface card present No module (GBIC or other) present Module validation in process Invalid module The module is not receiving light Receiving light but out of sync Receiving light and in sync Module is signaling a laser fault Port marked faulty
41
Access Gateway mode
TABLE 10
State
Diag_Flt Lock_Ref Testing Offline Online
Port state description

Description
Port failed diagnostics Locking to the reference signal Running diagnostics Connection not established (only for virtual ports) The port is up and running
Disabling Access Gateway mode

Before you disable a switch in AG mode, you should always back up the current configuration. Disabling AG mode clears the F_Port-to-N_Port mapping. Disabling AG mode is disruptive; the switch is disabled and rebooted. After AG mode is disabled, the switch starts in Fabric OS Native mode. The switch will segment from the fabric upon reboot. To re-join the switch to the core fabric, refer to Rejoining switches to a fabric on page 43. For additional information on reconfiguring a switch and joining it to a fabric, see the Fabric OS Administrators Guide. 1. Connect to the switch and log in as admin. 2. Enter the ag --modeshow command to verify that the switch is in AG mode.
switch:admin> ag --modeshow Access Gateway mode is enabled
3. Enter the switchDisable command to disable the switch.

switch:admin> switchdisable
NOTE
To save the Access Gateway configuration, use the configUpload command before proceeding with the next step. 4. Enter the ag command with the --modedisable operand to disable AG mode.
switch:admin> ag --modedisable
The switch automatically reboots and comes back online using the fabric switch configuration; the AG parameters, such as F_Port-to-N_Port mapping, and the Failover and Failback policies are automatically removed. 5. Enter the ag --modeshow command to verify that AG mode is disabled.
switch:admin> ag --modeshow Access Gateway mode is NOT enabled
Saving the Access Gateway configuration

1. Connect to the switch and log in as admin. 2. Enter the configUpload command.
42
Rejoining switches to a fabric

After a switch reboots and AG mode is disabled, the Default zone is set to no access. Therefore, the switch does not immediately join the fabric to which it is connected. Use one of the following methods to re-join a switch to the fabric:
If you saved a Fabric OS configuration before enabling AG mode, download the configuration
using the configDownload command.
If you want to re-join the switch to the fabric using the fabric configuration, use the following
procedure. 1. Connect to the switch and log in as admin. 2. Enter the switchDisable command to disable the switch. 3. Enter the defZone --allAccess command to allow the switch to merge with the fabric. 4. Enter the cfgSave command to commit the defzone changes. 5. Enter the switchEnable command to enable the switch and allow it to merge with the fabric. The switch automatically re-joins the fabric.
Reverting to a previous configuration

1. Connect to the switch and log in as admin. 2. Enter the switchDisable command to disable the switch. 3. Enter the configDownload command to revert to the previous configuration. 4. Enter the switchEnable command to bring the switch back online. The switch automatically joins the fabric.
43
44
Chapter
Configuring Ports in Access Gateway mode
In this chapter
Port Initialization in Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . 45 N_Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Port Initialization in Access Gateway mode

This chapter explains how to configure ports in Access Gateway mode and how to implement Access Gateway masterless trunking. You must have the role of securityadmin, admin, or user to configure AG. To ensure that all hosts are brought online when a switch in Access Gateway mode starts up, the ports are initialized in the following manner: 1. When you enable a switch to AG mode, N_Ports are initialized only if they belong to the default factory configuration of the switch. During N_Port initialization all the F_Ports are disabled (kept offline). The ports are enabled or disabled as follows:
Enabled (online) if the port receives a fabric login event and is connected to an F_Port of
an Edge switch that supports NPIV (N_Port ID Virtualization).
Disabled (offline) if the port is not connected to a fabric or is connected to a fabric port
that does not support NPIV. 2. All F_Ports mapped to online N_Ports are enabled. 3. F_Ports mapped to an offline N_Port with the failover policy enabled fail over to an online N_Port. 4. The host logs into the fabric as follows: a. b. c. d. e. The host sends a FLOGI (fabric login) request. Access Gateway converts the FLOGI request into an FDISC request to the fabric with the same parameters as the host. The fabric processes the request and sends an FDISC response. Access Gateway converts the FDISC Accept link service reply (ACC) response to the host as an FLOGI ACC using the same parameters as the fabric. The host receives the response from the fabric. Figure 10 shows Access Gateway logically transparent to the host and the fabric after ports are initialized.
45
N_Ports
b d e
FIGURE 10
Initialized ports in Access Gateway
You can expand your fabric by configuring the F_Ports to connect to the fabric as N_Ports, which increases the number of device ports you can connect to a single fabric port. You can connect AG to more than one fabric. When AG is connected to at least one Edge switch in the fabric, Fibre Channel ports operate as either a target or as an initiator. Fibre Channel ports target ports can also connect to AG as F_Ports. The following combinations are possible with initiators and targets:
All F_Ports connect to the FCP initiator port. All F_Ports connect to the FCP target port. Some F_Ports connect to the FCP initiator port and some connected to FCP target port. Targets and hosts that are connected to the same AG are not supported.
N_Ports
The AG port connected to the Enterprise fabric must be configured as an N_Port using the portcfgnport mode command. By default, on embedded switches, only the internal ports of Access Gateway are configured as F_Ports. All external ports are configured (locked) as N_Ports. For more information on which ports are mapped by default, see Table 11 on page 53. The internal ports connect hosts in the bladed server and external ports connect to the fabric. The enabled N_Port will automatically come online if it is connected to an Enterprise fabric switch that supports NPIV. NPIV capability should be enabled on the ports connected to the Access Gateway. Use the portcfgnpivport command to enable NPIV capability on the specific port. By default, NPIV is enabled on 8 Gbps switches.
NOTE
If NPIV is disabled on the Brocade Edge switch after the Access Gateway N_port is logged in, the N_port on the Access Gateway will not be logged out if NPIV devices have not logged in using that N_port. In this case you must manually disable the N_port on the Access Gateway. See the Fabric OS Administrators Guide for more information.
NOTE
A switch in Access Gateway mode must have at least one port configured as an N_Port. Therefore, the maximum number of F_Ports that can be mapped to an N_Port is the number of ports on the switch minus one.
46
N_Ports
Figure 11 shows a host connected to an embedded switchs external F_Port when Access Gateway is enabled. The configured F_Port is mapped to an N_Port.
FIGURE 11
Example of adding an external F_Port (F9) on an embedded switch
Unlocking N_Ports
Unlocking the N_Port configuration automatically changes the port to an F_Port. When you unlock an N_Port, the F_Ports are automatically unmapped and disabled. 1. Connect to the switch and log in as admin. 2. Enter the portcfgnport command.
NOTE
The portcfgnport command only works when the Port Grouping policy is enabled.
switch:admin> portcfgnport Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 --------------------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-Locked N_Port .. .. .. .. .. .. .. .. .. .. ON ON ON ON ON ON
3. Enter the portcfgnport command with <portnumber> 0 operand to unlock N_Port mode.
switch:admin> portcfgnport 10 0
Alternatively, to lock a port in N_Port mode, enter the portcfgnport <portnumber> 1 command.
switch:admin> portcfgnport 10 1
47
N_Ports
By default, on embedded switches, all external ports are configured as N_Port lock mode when you enable Access Gateway. Access Gateway connects only FCP initiators and targets to the fabric. It does not support other types of ports, such as ISL (interswitch link) ports. The port types on a fabric switch are not locked. Fabric OS Native mode dynamically assigns the port type based on the connected device: F_Ports and FL_Ports for hosts, HBAs, and storage devices; and E_Ports, EX_Ports, and VE_Ports for connections to other switches.
Displaying N_Port configurations

1. Connect to the switch and log in as admin. 2. Enter the portcfgnport command.
switch:admin> portcfgnport Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 --------------------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-Locked N_Port .. .. .. .. .. .. .. .. .. .. ON ON ON ON ON ON
Verifying port mapping and status

You can display the port mappings and status of the host connections to the fabric on Access Gateway using the ag --mapshow command. See the Fabric OS Command Reference for more information on the ag command. 1. Connect to the switch and log in as admin. 2. Enter the ag --mapshow command.
switch:admin> ag --mapshow N_Port Configured_F_Ports Current_F_Ports Failover Failback PG_ID PG_Name ----------------------------------------------------------------------------0 4;5;6 4;5;6 1 0 2 SecondFabric 1 7;8;9 7;8;9 0 1 0 pg0 2 10;11 10;11 1 0 2 SecondFabric 3 12;13 12;13 0 1 0 pg0 -----------------------------------------------------------------------------
Use the following parameters: N_Port Configured F_Ports Current F_Ports The numbers of ports locked in N_Port mode. The F_Ports that are mapped to the corresponding N_Port. Shows the F_Ports that are currently connected to the fabric on the corresponding N_Port. In the case of failover, the current F_Ports and configured F_Ports differ. Indicates whether the N_Port policy is enabled (1) or disabled (0). Indicates whether the Port Grouping policy is enabled (1) or disabled (0).
Failover and Failback PG_ID and PG_Name
48
N_Ports
Displaying N_Port mapping

1. Connect to the switch and log in as admin. 2. Enter the ag --mapshow command and specify the port number. The N_Port failover and failback policies and the mapped F_Ports displays.
switch:admin> ag --mapshow N_Port Configured_F_Ports Current_F_Ports Failover Failback PG_ID PG_Name ---------------------------------------------------------------------------0 4;6 4;6 1 0 2 SecondFabric 1 7;8;9 7;8;9 0 1 0 pg0 2 5;10;11 5;10;11 1 0 2 SecondFabric 3 12;13 12;13 0 1 0 pg0
Displaying port status

1. Connect to the switch and log in as admin. 2. Enter the switchshow command without any operands.
switch:admin> switchshow switchName: switch switchType: 43.2 switchState: Online switchMode: Access Gateway Mode switchWwn: 10:00:00:05:1e:03:4b:e7 switchBeacon: OFF Area Port Media Speed State Proto ===================================== 0 0 -N4 No_Module 1 1 cu N4 Online 2 2 cu N4 Online 3 3 cu N4 Online 4 4 cu N4 Online 5 5 cu N4 Online 6 6 cu N4 Online 7 7 cu AN No_Sync 8 8 cu N4 Online 9 9 cu AN No_Sync 10 10 cu AN No_Sync 11 11 cu AN No_Sync 12 12 cu AN No_Sync 13 13 cu AN No_Sync 14 14 cu AN No_Sync 15 15 cu AN No_Sync 16 16 cu AN No_Sync 17 17 -N4 No_Module 18 18 -N4 No_Module 19 19 id N4 No_Light 20 20 -N4 No_Module 21 21 id N4 Online 22 22 id N4 Online 23 23 id N4 Online
F-Port 50:06:0b:00:00:3c:b7:32 F-Port 10:00:00:00:c9:35:43:f5 F-Port 50:06:0b:00:00:3c:b6:1e F-Port 10:00:00:00:c9:35:43:9b F-Port 50:06:0b:00:00:3c:b4:3e F-Port 10:00:00:00:c9:35:43:f3 Disabled (Persistent) F-Port 10:00:00:00:c9:35:43:a1 Disabled (Persistent) Disabled (Persistent) Disabled (Persistent) Disabled (Persistent) Disabled (Persistent) Disabled (Persistent) Disabled (Persistent) Disabled (Persistent)
0x5a0101 0x5a0003 0x5a0102 0x5a0002 0x5a0201 0x5a0202 0x5a0001
10:00:00:05:1e:35:10:1e 0x5a0200 10:00:00:05:1e:35:10:1e 0x5a0100 10:00:00:05:1e:35:10:1e 0x5a0000
NOTE
For a description of the port state, see Table 10 on page 41.
49
Port configurations
Port configurations
The following mapping updates and adding and removing of ports are only applicable to the Port Grouping policy.
Adding F_Ports to an N_Port

When you update the mapping, only the F_Ports added or removed are affected. Adding an F_Port to an N_Port routes that traffic to and from the fabric through the specified N_Port. When you enable the failover policy and if the N_Port goes offline or fails, the F_Port automatically routes to another N_Port, which is connected to the same fabric. You can assign an F_Port to only one primary N_Port at a time. If the F_Port is already assigned to an N_Port, you must remove it from the N_Port before you can add it. Use the following procedure to add an F_Port to an N_Port.
NOTE
For bladed servers, the HBA connects to the internal ports. Internal ports are F_Ports. By default, only the external ports are configured as N_Ports. 1. Connect to the switch and log in as admin. 2. Enter the ag command with the --mapdel <n_portnumber> <F_Port1;...;F_Port2> operand to remove the F_Port from the N_Port. The f_portlist can contain multiple F_Port numbers separated by semicolons, for example 17;18.
switch:admin> ag --mapdel 10 6 F-Port to N-Port mapping has been updated successfully
3. Enter the switchshow command to verify that the F_Port is free (unassigned). Unassigned F_Port status is Disabled (No mapping for F_Port). See port 6 in the following example.
switch:admin> switchshow switchName: fsw534_4016 switchType: 45.0 switchState: Online switchMode: Access Gateway Mode switchWwn: 10:00:00:05:1e:02:1d:b0 switchBeacon: OFF Area Port Media Speed State Proto ===================================== 0 0 cu AN No_Sync 1 1 cu AN No_Sync 2 2 cu AN No_Sync 3 3 cu AN No_Sync 4 4 cu AN No_Sync 5 5 cu AN No_Sync 6 6 cu AN No_Sync 7 7 cu AN No_Sync 8 8 cu AN No_Sync 9 9 cu AN No_Sync 10 10 -N4 No_Module 11 11 -N4 No_Module 12 12 -N4 No_Module
Disabled Disabled Disabled Disabled Disabled Disabled
(N-Port Offline (N-Port Offline (N-Port Offline (N-Port Offline (N-Port Offline (No mapping for
for F-Port) for F-Port) for F-Port) for F-Port) for F-Port) F-Port)
50
Port configurations
13 14 15
13 14 15
id id id
N4 N4 N4
Online Online Online
10:00:00:05:1e:35:10:1e 0x5a0a00 10:00:00:05:1e:35:10:1e 0x5a0900 10:00:00:05:1e:35:10:1e 0x5a0800
4. Enter the ag command with the --mapadd <n_portnumber> <f_port1;f_port2;...> operand to add the list of F_Ports to the N_Port. The f_portlist can contain multiple F_Port numbers separated by semicolons, for example 17;18.
switch:admin> ag --mapadd 13 "6;7" F-Port to N-Port mapping has been updated successfully
5. Enter the ag --mapshow command with the n_portnumber operand to display the list of mapped F_Ports. Verify that the added F_Ports appear in the list.
switch:admin> ag --mapshow 13 N_Port Failover(1=enabled/0=disabled) Failback(1=enabled/0=disabled) Current F_Ports Configured F_Ports PG_ID PG_Name : : : : : : : 13 1 1 None 6;7 0 pg0
Removing F_Ports from an N_Port

Removing F_Ports from an N_Port unassigns the F_Port. The F_Port status changes to Disabled. (No mapping for F_Port). 1. Connect to the switch and log in as admin. 2. Enter the ag --mapdel command with the <n_portnumber> <f_port1;f_port2;...> operands to remove the list of F_Ports from the N_Port.
switch:admin> ag --mapdel 13 5;6 F-Port to N-Port mapping has been updated successfully
3. Enter the ag --mapshow command with the n_portnumber operand to display a list of mapped F_Ports. Verify that the F_Ports you removed are not in the list.
switch:admin> ag --mapshow 13 N_Port Failover(1=enabled/0=disabled) Failback(1=enabled/0=disabled) Current F_Ports Configured F_Ports PG_ID PG_Name : : : : : : 13 1 1 None 7 0
: pg0
51
Port configurations
Adding a preferred secondary N_Port

Preferred mapping is optional. Adding a preferred N_Port provides an alternate N_Port for F_Ports to fail over to. The F_Ports must have a primary N_Port mapping before a secondary N_Port can be configured. You add the F_Ports to a preferred secondary N_Port using the prefset command, which sets the preferred N_Port for one or more F_Ports. You can delete the F_Ports from the preferred N_Port using the prefdel command. This following procedure shows adding F_Ports 3 and 9 to preferred secondary N_Port 4. 1. Connect to the switch and log in as admin. 2. Enter the ag --prefset command with the <F_Port1;F_Port2; ...> <N_Port> operands to add the preferred secondary F_Ports to the specified N_Port. The F_Ports that you want to map must be enclosed in quotation marks and the port numbers must be separated by a semicolon, for example:
switch:admin> ag --prefset "3;9" 4 Preferred N_Port is set successfully for the F_Port[s]
Deleting F_Ports from a preferred secondary N_Port

This example shows deleting F_Ports 3 and 9 from preferred secondary N_Port 4. 1. Connect to the switch and log in as admin. 2. Enter the ag --prefdel command with the <F_Port1;F_Port2; ...> <N_Port> operands to delete the preferred F_Port mapping from the specified N_Port. The list of F_Ports to delete from the secondary mapping must be enclosed in quotation marks. Port numbers must be separated by a semicolon, for example:
switch:admin> ag --prefdel "3;9" 4 Preferred N_Port is deleted successfully for the F_Port[s]
52
Port configurations
The following table shows the default F_Port-to-N_Port mapping that is automatically configured when Access Gateway mode is enabled. All N_Ports have failover and failback enabled. All ports must have the POD license active to use Access Gateway on the Brocade 300 and 200E.
.
TABLE 11
Brocade Model
300
Access Gateway default F_Port-to-N_Port mapping

Total Ports
24
F_Ports
0-15
N_Ports
16 -23
Default F_ to N_Port Mapping

0, 1 mapped to 16 2, 3 mapped to 17 4, 5 mapped to 18 6, 7 mapped to 19 8, 9 mapped to 20 10, 11 mapped to 21 12, 13 mapped to 22 14, 15mapped to 23 0, 1, 2 mapped to 12 3, 4, 5 mapped to 13 6, 7, 8 mapped to 14 9, 10, 11 mapped to 15 0, 1 mapped to 8 2, 3 mapped to 9 4, 5 mapped to 10 6, 7 mapped to 11 0, 1 mapped to 10 2, 3 mapped to 11 4, 5 mapped to 12 6, 7 mapped to 13 8 mapped to 14 9 mapped to 15 4, 5, 12 mapped to 0 6, 7, 13 mapped to 1 8, 9, 14, 16 mapped to 2 10, 11, 15, 17 mapped to 3 1, 2 mapped to 0 3, 4 mapped to 15 5, 6, 7 mapped to 16 8, 9 mapped to port 17 10, 11 mapped to 18 12, 13, 14 mapped to 19 1, 2 mapped to 17 9, 10 mapped to 18 3, 4 mapped to 19 11, 12 mapped to 20 5, 6 mapped to 21 13, 14 mapped to 22 7, 8 mapped to 23 15, 16 mapped to 0
200E
16
0-11
12-15
4012
12
07
811
4016
16
09
1015
4018
18
4-11
0-3
4020
20
114
0, 1519
4024
24
116
0, 1723
53
Port configurations
TABLE 11
Brocade Model
4424

Total Ports
24
F_Ports
17-20
N_Ports
1-8

0, 17-23 as N_Port with failover enabled, failback enabled 1, 2 mapped to 17 3, 4 mapped to 18 5, 6 mapped to 19 7, 8 mapped to 20 9, 10 mapped to 21 11, 12 mapped to 22 13, 14 mapped to 23 15, 16 mapped to 0 0, 17-23 are N_ports with failover enabled, failback enabled and PG policy 1, 2 mapped to 17 3, 4 mapped to 18 5, 6 mapped to 19 7, 8 mapped to 20 9, 10 mapped to 21 11, 12 mapped to 22 13, 14 mapped to 23 15, 16 mapped to 0 0, 15-19 are N_ports with failover enabled, failback enabled and PG policy 1, 2 mapped to 0 3, 4 mapped to 15 5, 6, 7 mapped to 16 8, 9 mapped to 17 10, 11 mapped to 18 12, 13, 14 mapped to 19 0, 17-23 are N_ports with failover enabled, failback enabled and PG policy 1, 2 mapped to 17 9, 10 mapped to 18 3, 4 mapped to 19 11, 12 mapped to 20 15, 16 mapped to 0 5, 6 mapped to 21 13, 14 mapped to 22 7, 8 mapped to 23
5424
24
0, 17-23
1-16
5470
20
0, 15-19
1-14
5480
24
0, 17-23
1-16
54
Port configurations
TABLE 11
Brocade Model
5100

Total Ports
40
F_Ports
32-39
N_Ports
0-31

32-39 as N_Port with failover enabled, failback enabled 0, 1, 2, 3 mapped to 32 4, 5, 6, 7 mapped to 33 8, 9, 10, 11 mapped to 34 12, 13, 14, 15 mapped to 35 16, 17, 18, 19 mapped to 36 20, 21, 22, 23 mapped to 37 24, 25, 26, 27 mapped to 38 28, 29, 30, 31 mapped to 39
55
Port configurations
56
Appendix
Troubleshooting
This appendix provides troubleshooting instructions.
TABLE 12
Problem
Troubleshooting
Cause
Switch is in Native switch mode
Solution
Disable switch using the switchDisable command. Enable Access Gateway mode using the ag --modeenable command. Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command. Verify that the field switchMode displays Access Gateway Mode. On the Edge switch, enter the portCfgShow command. Verify that NPIV status for the port to which Brocade Access Gateway is connected is ON. If the status displays as -- NPIV is disabled. Enter the portCfgNpivPort <port_number> command with the 1 operand to enable NPIV. Repeat step for each port as required. On Brocade Access Gateway, enter the portCfgShow command. For each port that is to be activated as an N_Port, enter the portCfgNport <port_number> command with the 1 operand. All other ports remain as F_Port. To reset the port to an F_Port, enter the portCfgNpivPort <port_number> command with the 0 operand. Verify zoning on the Edge switch. Verify that F_Ports are mapped to an online N_Port. See Access Gateway default F_Port-to-N_Port mapping on page 53. Perform a visual inspection of the cabling, check for issues such as wrong ports, twisted cable, or bent cable. Replace the cable and try again.
Switch is not in Access Gateway mode
NPIV disabled on Edge switch ports
Inadvertently turned off
Need to reconfigure N_Port and F_Ports
Default port setting not adequate for customer environment
LUNs are not visible
Zoning on fabric switch is incorrect. Port mapping on Access Gateway mode switch is incorrect. Cabling not properly connected.
57
Troubleshooting
TABLE 12
Problem
Troubleshooting (Continued)
Cause
Failover disabled on N_Port.
Solution
Verify that failover and failback policies are enabled, as follows: Enter the ag --failoverShow command with the <port_number> operand. Enter the ag --failbackShow command with the <port_number> operand. Command returns Failback (or Failover) on N_Port <port_number> is supported. If it returns, Failback (or Failover) on N_Port <port_number> is not supported. See Adding a preferred secondary N_Port on page 52. Disable switch using the switchDisable command. Disable Access Gateway mode using the ag --modeDisable command. Answer yes when prompted; the switch reboots. Log in to the switch. Display the switch settings using the switchShow command. Verify that the field switchMode displays Fabric OS native mode.
Failover is not working
Access Gateway is mode not wanted
Access Gateway must be disabled.
If a Fabric OS switch is in Access Gateway mode and is also set to McDATA Fabric mode, when that switch is connected to an M-EOS switch, the Fabric OS switch does not display in the output when you run the agshow command.
NOTE
58
Index
A
Access Gateway cascading, 30 comparison to standard switches, 4 compatible fabrics, 2 connecting devices, 33 connecting two AGs, 30 description, 1 displaying information, 35 features, 2 mapping description, 6 port mapping, 5 port types, 4 Access Gateway mode comparison, 2 direct target attach, 33 disabling, 42 enabling, 40 port initialization, 45 port types, 4 saving configuration, 42 supported firmware versions, 33 terms, xv ACL policies, settings, 34 adding devices to fabric, 11 Address Identifier, 27 Admin domain, 25 ADS Policy adding devices, 11 disabling, 10 displaying devices, 11, 12 enabling, 10 removing devices, 11 setting devices to login, 10 setting devices to not login, 11 APC Policy connecting to multiple fabrics, 12 disabling, 13 enabling, 13 rebalancing F_Ports, 13 area assignment, 23 authentication, limitations, 23
B
behavior, failover policy, 17
C
Cisco switch adding OUIs, 38 AG routing requirements, 36 Company ID list, 37 deleting OUIs, 37, 38 displaying FCID, 38 editing Company ID list, 37 enabling Flat FCID mode, 39 enabling NPIV, 36 FLOGI support, 38 interoperability with AG, 36 no FC target devices, 37 no target devices on switch, 39 target devices on switch, 39 code, xiv cold failover policy, preferred secondary N_Port, 18
59
commands ag, 42 ag --failbackDisable, 17 ag --failbackEnable, 17 ag --failbackShow, 17, 58 ag --failoverDisable, 16 ag --failoverEnable, 15 ag --failoverShow, 15, 16, 58 ag --mapAdd, 51 ag --mapDel, 50, 51 ag --mapShow, 40, 48, 49, 51 ag --modeDisable, 42, 58 ag --modeEnable, 40, 57 ag --modeShow, 40, 42 cfgSave, 43 configDownload, 43 configUpload, 35, 42 defZone --allAccess, 43 portCfgNpivPort, 57 portCfgNport, 47, 48, 57 portCfgShow, 57 switchDisable, 35, 42, 43, 57, 58 switchEnable, 43 switchMode, 57, 58 switchShow, 34, 41, 49, 50, 57, 58 compatibility, fabric, 33 configuration, show, 48 configurations limitations with configdownload command, 25 re-joining switch to fabric, 43 saving AG configuration, 42 using configdownload command, 43 using configupload command, 42
E
Edge switch FLOGI, 34 long distance mode setting, 33 NPIV, 33 settings, 33 external port, N_Port, 50
F
F_Port adding external port on embedded switch, 47 Address Identifier, 23 disabling trunking, 30 internal ports, 50 mapping, example, 5 mapping, show, 48 maximum number mapped to N_Port, 46 remove, 51 settings, Edge switch, 33 shared area ports, 27 trunking, 22 trunking setup, 26 fabric compatibility, 33 inband queries, 34 join, 43 logins, 34 Management Server Platform, 34 zoning scheme, 34 Fabric OS Management Server Platform Service settings, 34 failback policy example, 14, 16 failover policy disabling, 16 enabling, 15 example, 15, 17 preferred secondary N_Port, 14 failover policy, behavior, 15 fast write limitation, 24 FICON, F_Port trunk ports, 24
D
daisy chaining, 33 DCC policy adding WWN, 28 enabling, 28 limitation creating TA, 25 default area, removing ports, 24 devices attaching multiple devices, 33 direct target attach, 33 Direct Target Attach, 33 Domain,Index, 28 downgrading, 24 considerations, 6
H
HA sync, TA present, 24
60
I
ICL ports, limitations, 25 inband queries, 34 internal port, F_Port, 50
non disruptive, 24 NPIV Edge switch, 33 enable with portcfgnpivport command, 46 enabling on Cisco switch, 36 enabling on M-EOS switch, 35 support, 33
J
join fabric, 43
O
optional features, xvii
L
long distance mode, Edge switch, 33
P
Policies Access Gateway, 9 Advance Device Security, 10 enabling DCC policy, 28 enforcement matrix, 22 Port Grouping, 18 security enforcement, 10 showing current policies, 9 using policyshow command, 9 port comparison, 4 mapping, 5 requirements, 33 types, 4 port group add N_Port, 20 create, 20 delete N_Port, 20 disabling, 21 port group 0, 18 remove port group, 21 rename, 21 Port Grouping policy, using portcfgnport command, 47 port mapping displaying, 48 dynamic mapping, 12 maximum number of F_Ports, 46 verifying, 48 Port mirroring, not supported, 25 port state, description, 41 port swap, not swapping TA, 24 port types, limitations, 24 Preferred, 14
M
management server, 23 mapping example, 5 ports, 5 show, 48 masterless trunking blades not supported, 24 PID format, 25 M-EOS switch, enabling NPIV, 35
N
N_Port AG configurations, 46 displaying configurations, 48 displaying status, 49 external port, 50 F_Port, remove, 51 failover in a PG, 19 mapping example, 5 masterless trunking, 22 maximum number supported, 46 multiple trunk groups, 22 show map, 48 trunk groups, 22 trunking, 22 trunking considerations, 23 unlock, 47 unlocking, 47 native mode setting, 35
61
preferred secondary N_Port cold failover, 18 definition, xvi deleting F_Ports, 52 failover policy, 14 forming groups, 18 not online, 14 online, 14 PWWN format, 26 sharing TA trunk group, 24
Q
QLogic-based devices, workaround, 37
trunk area activate DCC policy, 28 assign, 27 configuration management, 28 disabling, 24 remove ports, 27 standby CP, 23 using the porttrunkarea command, 24 trunk groups, create, 26 trunk master, limitation, 24 trunking enabling, 24, 28 license, 23 monitoring, 30
U
unlock N_Port, 47 upgrading, 24 considerations, 6 with ADS policy enabled, 7 with APC policy enabled, 7 with PG policy enabled, 7
R
removing devices from switch, 11 removing trunk ports, 24 requirements, ports, 33
S
settings ACL policies, 34 FLOGI, 34 inband queries, 34 Management Server Platform, 34 zone, no access, 43 supported hardware and software, xiii switch mode, verify, 34 switchMode Access Gateway mode, 40 Native, 34
Z
zoning schemes, 34 setting, 43
T
terms, xv
62

Access Gateway

Enviado por

Dados do documento

Descrição original:

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Access Gateway

Enviado por

Direitos autorais:

Formatos disponíveis

53-1001189-01 November 24, 2008

Supporting Fabric OS 6.2.0

Brocade Communications Systems, Incorporated

Access Gateway Administrators Guide

53-1000605-03 53-1000605-04 53-1001189-01

Access Gateway Administrators Guide 53-1001189-01

Access Gateway Administrators Guide 53-1001189-01

About This Document

Enabling Policies on Switches in Access Gateway Mode

Access Gateway Administrators Guide 53-1001189-01

Connecting Devices Using Access Gateway

Access Gateway Administrators Guide 53-1001189-01

Configuring Ports in Access Gateway mode

Access Gateway Administrators Guide 53-1001189-01

Access Gateway Administrators Guide 53-1001189-01

Access Gateway Administrators Guide 53-1001189-01

Access Gateway Administrators Guide 53-1001189-01

Access Gateway Administrators Guide 53-1001189-01

Access Gateway Administrators Guide 53-1001189-01

About This Document

How this document is organized

Appendix A, Troubleshooting provides symptoms and troubleshooting tips to resolve issues.

Supported hardware and software

Access Gateway Administrators Guide 53-1001189-01

Whats new in this document

Command syntax conventions

Access Gateway Administrators Guide 53-1001189-01

[] variable ... value |

Notes, cautions, and warnings

Access Gateway Administrators Guide 53-1001189-01

Notice to the reader

Referenced Trademarks and Products

Access Gateway Administrators Guide 53-1001189-01

Other industry resources

Optional Brocade features

Getting technical help

Access Gateway Administrators Guide 53-1001189-01

*FT00X0054E9* FT00X0054E9 The serial number label is located as follows:

Access Gateway Administrators Guide 53-1001189-01

Brocade Access Gateway

Access Gateway Administrators Guide 53-1001189-01

Fabric OS features in Access Gateway mode

Access Gateway and fabric switch comparison

Fabric OS features in Access Gateway mode

Access Gateway Administrators Guide 53-1001189-01

Fabric OS features in Access Gateway mode

Fabric OS components supported on Access Gateway

Access Gateway Administrators Guide 53-1001189-01

Access Gateway port types

Access Gateway port types

Comparison of Access Gateway ports to standard switch ports

Fabric Switch Ports

Port usage comparison

Access Gateway Administrators Guide 53-1001189-01

How Access Gateway maps ports

Table 2 shows a comparison of port configurations with AG to a standard fabric switch.

How Access Gateway maps ports

Edge Switch (Switch_B) F_B1

F_5 F_B2 N_4

Example F_Port-to-N_Port mapping

Access Gateway Administrators Guide 53-1001189-01

Access Gateway limitations

Description of F_Port-to-N_Port mapping

FT00X0054E9 FT00X0054E9 The serial number label is located as follows: