Professional Documents
Culture Documents
Student Guide - CFP 270 - Brocade 8 GB/s Introduction To Administration and Theory Lab
Student Guide - CFP 270 - Brocade 8 GB/s Introduction To Administration and Theory Lab
Brocade 8 Gbit/sec
Introduction to
Administration and Theory
Lab Guide
Revision 1008
CFP270
Table of Contents
Objectives
In this lab exercise, you will perform tasks related to connecting and then disconnecting from Brocades
Remote Solutions Lab in San Jose, CA. This lab is divided into the following sections:
Record Remote Solutions Lab access information
Connect to the Brocade Remote Solutions Lab (RSL)
Cleanly disconnect from Remote Solutions Lab station: correctly shut down access to the RSL so that you
can get back in at your convenience
Getting Started
To complete this lab, you will need the following:
One server/laptop with Internet access to the Brocade RSL.
Server/laptop should have a copy of Adobe Reader.
You will also need information about logins, passwords, servers, and switches. This information can be found
in the CFP 270 Student Information document and/or on the CFP 270 Topology Diagram associated with your
station.
2.
In the CFP 270 labs, you will be allocated an interconnected set of switches, as well as a Windows server,
EFCM server, and JBOD storage. This collection of hardware is collectively referred to as an RSL
Workstation. Please check with your instructor for the RSL workstation that you are assigned, and write it
here:__________________________
Find the CFP 270 Student Information document and your station Topology Diagram and you are ready to
start.
2.
3.
4.
If you are accessing the RSL through a Brocade laptop, log into the laptop using the username student01 and
the password student01. If you are using a non-Brocade laptop, use the username/password associated with
that laptop.
From the desktop, open an Internet Explorer browser session, open the following website:
https://remotesanlab.brocade.com (https not http)
If you are prompted to accept a security certificate through a Security Alert dialog, click Yes to accept the
certificate from the RSL.
In the resulting Welcome browser window (shown below), login to the RSL. In the username and password
fields, use the information provided on the CFP270 Student Information document, then click Sign In.
5.
6.
7.
8.
9.
The Secure Application Manager, used to control access to the RSL, launches. If you do not have this software
installed on your laptop, you may be asked to download and install the Secure Application Manager. Perform these
tasks by clicking Yes in all resulting dialog, and the Manager will be downloaded and installed.
In the resulting Remote Desktop Web Connection display (shown below), click the hyperlink to your RSL
workstation.
If prompted, click Yes when asked if you want to connect to the computer.
A web browser window to the Windows server in your RSL workstation opens. You may first be prompted
with a dialog (shown below) that warns you about displaying the web browser in full-screen mode. Review
the information, note that you can select CTRL-ALT-PAUSE to toggle between a window view and a fullscreen view, then click OK.
The Log On to Windows dialog on the RSL Windows server appears (as shown below). In the User name
and Password fields, enter the values assigned your workstation in the CFP270 Student Information
document. In the Log on to pull-down menu, ensure that EDU-BROCADE is selected. When complete, click
OK to login to your RSL Windows server.
10.
You have successfully connected to the Windows server in your RSL workstation. In your display, you will
see the tab controls shown below (here, to RSL server 10.255.244.11). From the desktop, you can start
Web Tools or telnet sessions to the switches in your RSL workstation. Remember, performing a CTRL-ALTPAUSE will activate the full-screen mode.
2.
Left-click on any of the devices (W2K, EFCM , 300, 5100) to automatically setup a telnet session to the
device.
Right-click on one of the devices to select telnet, http, or console. If console is chosen you will login in
through a terminal server that will give you automatic access to the console port of the device (if available).
3.
In the display for your RSL Windows server, click the Start button, then select Shut Down.
In the ensuing Shutdown dialog, select Log off administrator ONLY, then click OK. Do not select any other
option. This will close the web browser to your RSL workstation.
Finally, close the Secure Application Manager on your desktop. Go to the lower-right corner of your desktop
Toolbar, right-click the Secure Application Manager icon (as shown below), and select End Session.
CFP270 Lab Exercise for Module 3: Fibre Channel Theory Paper Lab
Objectives
Review Fibre Channel Theory associated with:
CFP270 Lab Exercise for Module 3: Fibre Channel Theory Paper Lab
FC-4 _____
FC-3 _____
FC-2 _____
FC-1 _____
FC-0 _____
A. Framing/Flow Control
B. Physical Interface
C. Upper Level Protocol Mapping
D. Encode/Decode
E. Common Services
Classes of Service
The column on the left is a description of the Brocade supported Classes of Service. The two columns on the
right are the Fibre Channel Classes of Service. Match the description with its Class of Service.2
1.
2.
3.
A. Class-1
B. Class-2
C. Class-3
D. Class-4
E. Class-6
F. Class-F
CFP270 Lab Exercise for Module 3: Fibre Channel Theory Paper Lab
Frame Format
1.
Identify the fields within a Fibre Channel frame, the length (in bytes) of each and the maximum frame
size.3
Field
1. _____________________________________
2. _____________________________________
3. _____________________________________
4. _____________________________________
5. _____________________________________
Maximum frame size:
Length
______
______
______ (maximum)
______
______
______
3. 1=SOF, 4 bytes; 2=Header, 24; 3=Payload, 2112; 4=CRC, 4; 5=EOF, 4; Max frame=2148 bytes
CFP270 Lab Exercise for Module 3: Fibre Channel Theory Paper Lab
10:00:00:05:1e:02:a5:49__________
20:07:00:05:1e:02:a5:49__________
10
CFP270 Lab Exercise for Module 3: Fibre Channel Theory Paper Lab
Port Types
From the ports identified on the switch above, select the correct port type (U_Port, F_Port, FL_Port,
G_Port, E_Port).5
1.
2.
3.
4.
5.
_______________
_______________
_______________
_______________
_______________
11
CFP270 Lab Exercise for Module 3: Fibre Channel Theory Paper Lab
Well-Known Addresses
1.
2.
3.
4.
5.
6.
______________________________
______________________________
______________________________
______________________________
______________________________
______________________________
6. 1=Management Server, 2=Time Server, 3=Name Server, 4=Fabric Controller, 5=Fabric Login, 6=Broadcast Server
12
CFP270 Lab Exercise for Module 3: Fibre Channel Theory Paper Lab
The switch is set to Core PID addressing. From the 24-bit addresses above, identify the port number (in
decimal).7
13
Objectives
Use telnet, SSH, and Web Tools to install, configure, and verify functionality associated with:
Switch Access
Switch IP address and license verification
Role Based Access Control (RBAC)
Secure access analysis
Configure secure access using SSH
Login Banners
End device connections to a Brocade fabric
Overview
In this lab exercise, you will perform tasks related to installing and configuring Brocade fabrics. This lab is
divided into the following sections:
14
2.
3.
If needed, use Lab 0 instructions to complete the following steps. Note: you only need Lab 0 instructions if
you are connecting to a remote lab station. Refer to the Student Information Sheet as necessary.
a. Connect to your 300 switch (RSLx-ST0x-B30) and your 5100 switch (RSLx-ST0x-B51) using the VRack
instructions in Lab 0, with login credentials of admin/password. Your desktop may have configured
VRack or HyperTerminal sessions.
In each telnet session, disable session timeout by entering the timeout 0 command.
Please keep these sessions open until instructed to close them.
From the telnet session of your 300, display the current Ethernet settings using the ifmodeshow eth0
command. Record the results here:
Link mode: ____________________
2.
Display the current IP address settings using the ipaddrshow command. Record the settings here:
Ethernet IP Address:____________________
Ethernet Subnetmask:____________________
Fibre Channel IP Address:____________________8
Fibre Channel Subnetmask:____________________
Gateway Address:____________________
15
3.
Enter the switchshow command. Review the command output, and fill in the following parameters:
switchName:____________________
switchType:____________________9
switchRole:____________________10
switchDomain:__________________11
zoning:____________________12
b.
Enter the version command; what is the FOS version running on the switch?
c.
From the telnet session of your 5100, display the current IP address settings using the ipaddrshow
command. Record the settings here:
Ethernet IP Address:____________________
Ethernet Subnetmask:____________________
Fibre Channel IP Address:____________________
Fibre Channel Subnetmask:____________________
Gateway Address:____________________
11. 2
12. Zoning should be OFF
13. v6.1.0c or later
14. 2 (300 and 5100)
16
2.
Enter the switchshow command. Review the command output, and fill in the following parameters:
switchName:____________________
switchType:____________________15
switchRole:____________________16
switchDomain:____________________17
zoning:____________________18
3.
Entering the version command. What version is currently installed on your 5100?
Fabric OS: ____________________19
2.
3.
Continuing on the telnet session of the 5100 switch, enter the date command to view the current date
and time.
Enter tsclockserver to determine the current source of date and time synchronization.20
Record the current clock server setting on the 5100:
tsclockserver: ____________________
2.
From the 300, invoke the date 0227123003 command to change the date on only this switch.
a. Issue the date command from both the 300 and the 5100.
b. Verify that they both have the date of Thu Feb 27 12:30:05 UTC 2003.
Set the fabric to synchronize to an external NTP server using the tsclockserver command on the 300.
Your NTP server IP address may vary.
a. tsclockserver 10.255.252.11.
b. Although the command may be run on any switch in a fabric, enter this command on the 300 only.
17. 98
18. Zoning should be OFF
19. v6.1.0c or later
20. If the clock server is specified as LOCL then the date and time that has been manually set on the fabric Principal will be used fabric wide. If
an NTP server has been specified, the IP address of that server will be displayed.
17
3.
Record the new clock server and date settings on the 300:
tsclockserver: ____________________
date: ____________________
4.
Record the new clock server and date settings on the 5100:
tsclockserver: ____________________
date: ____________________
Change the time zone for each switch in the fabric (optional)
Switches participating in a fabric may be in different time zones. For logging and reporting, it may be advantageous to leave all switches in the default UTC time zone, however it is possible to have switches report events
in their local time with the tstimezone command. Example: the Eastern time zone in the United States is
offset from GMT by 5 hours, so the tstimezone -5 command would correctly set the time zone for a switch
in the Eastern United States.
1.
Use the tstimezone command to set the time zone of your 300 to the Eastern time zone in the United
States (GMT -5) and verify same.
a. Example:
RSL7_ST07_300:admin> tstimezone -5
Updating Time Zone configuration...done.
System Time Zone change will take effect at next reboot.
RSL7_ST07_300:admin> tstimezone
Time Zone Hour Offset: -5
Time Zone Minute Offset: 0
b.
Invoke the date command on each switch to verify that the date on the 300 is 5 hours earlier than the
date on 5100.
Note: If the dates do not differ by 5 hours then invoke fastboot from the 300, re-login and check the
dates again.
2.
From the 300, invoke the following commands to restore the configuration back to default; for example:
RSL7_ST07_300:admin> tstimezone 0; tsclockserver LOCL
Updating Time Zone configuration...done.
System Time Zone change will take effect at next reboot.
Updating Clock Server configuration...done.
18
2.
3.
Continuing with the telnet session of your 300 and enter bannerset "Unauthorized access is
not allowed. Do not access this device unless you are authorized to do so."
Type login and your current session will be terminated. You will see the login banner and be allowed to
log in again.
To turn off the login banner, type bannerset "" at the command prompt.
2.
Return to the telnet session of your 5100 and type licenseidshow. Switch license keys are generated
for a specific switch WWN.
To view the licensed features on this switch, enter the licenseshow command.
3.
1.
License: ____________________
License: ____________________
Return to the telnet session of your 300 and issue the switchname command. Verify that the switch
name matches the topology diagram associated with your station.
a. Record the switch name here.
switchname: ____________________
If the switchname does not match the topology diagram associated with your station then please use
the switchname command to change it.
Return to the telnet session of your 5100 and issue the switchname command. Verify that the switch
name matches the topology diagram associated with your station.
a. Record the switch name here.
b.
2.
switchname: ____________________
b.
If the switchname does not match the topology diagram associated with your station then please use
the switchname command to change it.
21. Notice that one or more features may be activated with a single license key.
19
2.
3.
Return to the open telnet session of your 5100 and issue the errclear command to clear out any
existing messages in the error log.
Issue the trackchangesset 1,0 command
Issue the errdump command to view informational TRCK messages.
2.
3.
4.
5.
6.
Follow these steps to start the Syslog server (we are using Kiwi Syslog Daemon):
a. Launch Kiwi Syslog Daemon program from the desktop by double clicking on the icon.
b. Determine the IP address of the RSL host by doing the following:
- Start > Run > cmd
- From the DOS window type ipconfig and note the IP address:______________________________
Return to the open telnet session of your 5100 and issue the syslogdipadd <IP_address>
command. The <IP_address> you specify will be the IP address of your RSL host.
Generate switch log messages on the 5100. Type login to terminate your current session and log in as
admin. An entry should appear in the syslog server list.
Examine the entries in the Kiwi syslog daemon window.
Close the Kiwi syslog daemon window.
Check to see if the messages were recorded in the syslog file; to do this do the following:
a. On the desktop double click on the r7_st0x_clnt icon.
b. Double click on the C drive.
c. Double click on the captures directory.
d. Double click on the cfp270.txt file and verify the syslog entries are there.
Note: If the messages did not get recorded in the syslog file or the Kiwi syslog daemon window check the
following:
- On the switch run command: syslogdipshow and verify the IP address is set correctly.
- Verify that Fabric Manager Server is not running: To do this do the following: From the desktop
Start -> Programs -> Fabric Manager -> Server Management Console and click on the Stop Services button. This is will take a couple of minutes to stop the services.
20
7.
Check Point: You have configured and verified basic settings on the switches in your fabric. Some of these
steps are not required for essential switch operation; however these basic steps will make SAN administration
easier and more consistent as your fabric grows.
Security Configuration
Ethernet and IP security is a concern for administrators. It is possible to enhance the security profile of products and make them less vulnerable to common security attacks.
This section of the lab has the following parts:
Return to the open telnet session of your 300 and issue the following command to display all the default
user accounts:
userconfig --show -a
2.
21
3.
4.
Set an initial password for student as Password1. You will be asked to re-enter the password.
Issue the following command to create a instructor user:
userconfig --add instructor -r admin -a 0-255 -d "Instructor"
5.
6.
7.
8.
Go to Start > Run and enter telnet <IP address of 300> to open a second telnet session to your
300; login as student with Password1. Position your telnet windows so that you can see both 300 telnet
sessions.
Return to your original admin 300 telnet session and issue the following command to delete the student
account and respond with a yes at confirmation prompt:
userconfig --delete student
Your should see a broadcast message on both windows similar to the following:
Broadcast message from root (pts/1) Tue Jun 13 15:38:51 2006...
Security Policy, Password or Account Attribute Change: student will be logged
out
Account student has been successfully deleted.
9.
22
Open another telnet session to your 300. Log in as instructor with password of Password1.
Position your telnet windows so that you can see both 300 telnet sessions (one session where you logged
in as admin and the other where you are logged in as instructor).
3.
From the instructor telnet session issue the following command to change admin's enabled status to no
and respond with a yes at confirmation prompt:
userconfig --change admin -e no
Your should see a broadcast message on both windows similar to the following:
Broadcast message from root (pts/0) Tue Jun 13 15:45:27 2006...
Security Policy, Password or Account Attribute Change: admin will be logged
out
Attribute for account admin has been successfully changed.
4.
5.
6.
7.
22. You will not be able to access the switch as admin because the account is disabled.
23
Password strength
Password strengthening was introduced in Fabric OS v5.1.
1.
From the open telnet session of the 5100, display the syntax of the new password security command by
entering the following command:
passwdcfg --help
Review the command output before continuing.
2.
3.
Invoke the command that will ensure that the password strengthening parameters are all set to default
values23.
Display the default password security settings by entering the passwdcfg --showall command.
Review the command output, and answer the questions below:
a. What is the minimum password length? (passwdcfg.minlength) __________
b. What is the minimum number of lower-case alphabetic characters that must occur in the password?
(passwdcfg.lowercase) _______________________
c. What is the minimum number of upper-case alphabetic characters that must occur in the password?
(passwdcfg.uppercase) _______________________
d. What is the minimum number of numeric digits that must occur in the password?
(passwdcfg.digits) _____________________________________________
e. What is the minimum number of punctuation characters that must occur in the password?
(passwdcfg.punctuation) _______________________________
f. How many past password values are disallowed when setting a new password?
(passwdcfg.history) ____________________________________________
g. What is the minimum number of days that can elapse before a password must be changed?
(passwdcfg.minpasswordage) ____________________________
h. What is the maximum number of days that can elapse before a password must be changed?
(passwdcfg.maxpasswordage) __________________________
i. How many days before the password expires will a warning message be displayed?
(passwdcfg.warning) ___________________________________
23. The command to set password strengthening parameters to defaults is: passwdcfg -setdefault
24
What is the number of times that an incorrect password can be specified before an account is locked?
(passwdcfg.lockoutthreshold) _________________
k. What is the time, in minutes, after which a previously-locked account becomes unlocked?
(passwdcfg.lockoutduration) ___________________________
l. What is the password configuration status (enabled: 1 or disabled: 0)?
(passwdcfg.status) ____________________________________________24
Change one of the password security parameters:
a. Change the password security so that all new passwords must have at least one upper-case character
by entering the following command:
j.
4.
Verify that password security has changed by entering the following command:
passwdcfg --showall
c.
5.
When prompted for a password, enter the password password1 using all lower-case letters. What is
the system response? ____________________________27
c. Enter the following new password that includes at least one uppercase letter: Password1. Is this accepted?
______________________________________28
Before continuing to the next section, remove these changes:
a. Delete the new user-role account by entering the following command:
b.
6.
Return the password security to the default values by entering the following command:
passwdcfg --setdefault
25
Check Point: You learned how to: set a session timeout, create customized accounts, disable default
accounts, and enhance password strength. These steps are not required for essential switch operation, but
may be required by organizations wishing to mitigate security risks.
Return to the open telnet session of your 5100 and issue the switchuptime command.
Record the amount of time the switch has been operational. ____________________
Issue the uptime command. Notice that the uptime reported by both commands is the same.
26
Return to the telnet session of your 300 and issue the switchstatusshow command.
Record the switch status here:
a. SwitchState ____________________
b. Power supplies monitor____________________
c. Temperatures monitor ____________________
d. Fans monitor ____________________
e. Flash monitor____________________
f. Marginal ports monitor ____________________
g. Faulty ports monitor ____________________
h. Missing SFPs monitor ____________________
3.
4.
Issue the switchstatuspolicyshow command to determine how many ports need to be bad before
the switch is reported as Marginal and record that value:
_____________________________________________________________________29
Record the number of other out-of-spec measurements required to put the switch into MARGINAL status.30
a. PowerSupplies____________________
b. Temperatures ____________________
c. Fans ____________________
d. Flash ____________________
e. MarginalPorts ____________________
f. FaultyPorts ____________________
g. MissingSFPs ____________________
From the telnet session of your 300, issue the sensorshow command.
Verify that the sensors all display an OK status.
Alternatively, the tempshow, fanshow, and psshow commands will display the status of individual
components.
Look at port status
We will now observe the status of ports on the switch.
1.
From the telnet session of your 300, issue the portshow 1 command.
29. The marginal ports output could be 0, 1 or any other user configured value.
30. A setting of 0 indicates that Fabric OS will not monitor this component. For example having a setting of 0 for MissingSFPs indicates that the switch
will not complain if you remove SFPs. If you wish to have the switch track this condition or others, use the switchstatuspolicyset command. Since
output is user-configurable it could vary.
27
2.
Loss_of_sig ____________________31
Note: It is not unusual to observe Link_failure, Loss_of_sync and related errors. These errors are commonly generated as devices are plugged into switch ports. However, you may have a marginal link if
you notice that these errors are increasing over time on a port in a steady-state fabric.
Look at port configuration
We will now observe the current port configuration.
1.
2.
From the telnet session of your 300, issue the portcfgshow command.
Review the output. All ports should be enabled and, since the Trunking license is installed, trunking also
should be enabled by default on all ports.
2.
3.
From the telnet session of your 300, issue the configshow fabric.ops command and look at the
fabric.ops parameters.
Return to the telnet session of your 5100 and issue the same command: configshow fabric.ops.
Look at the fabric.ops parameters.
Compare the fabric.ops parameters on both switches. Do any of the parameters differ?
______________________________________________________________________32
Check Point: You have learned to quickly assess general switch status. Fabric troubleshooting builds on these
introductory steps.
31. 300 portshow outputs should display as follows portHealth: HEALTHY; portState: Online; Distance: normal; portSpeed:
N4Gbps; the other parameters will vary.
32. The switches should be successfully merged into a single fabric so the fabric.ops parameters should be the same.
28
Return to the open telnet session of your 300 and issue the nsshow t -r command.
Verify that the host bus adapter and the storage devices are properly registered with the name server and
fabric controller. Record the last three octets of the Port WWN of the devices. Example: 50:4c:7d
WWPN ____________ Device Type _______________ State Change Registration (Y/N) ___
WWPN ____________ Device Type _______________ State Change Registration (Y/N) ___
WWPN ____________ Device Type _______________ State Change Registration (Y/N) ___
WWPN ____________ Device Type _______________ State Change Registration (Y/N) ___
WWPN ____________ Device Type _______________ State Change Registration (Y/N) ___
3.
4.
Return to the open telnet session of your 5100 and issue the nsshow t -r command.
Verify that the host bus adapter and the storage devices are properly registered with the name server and
fabric controller. Record the last three octets of the Port WWN of two to four storage ports. Example:
52:3a:72.
WWPN ____________ Device Type _______________ State Change Registration (Y/N) ___
WWPN ____________ Device Type _______________ State Change Registration (Y/N) ___
WWPN ____________ Device Type _______________ State Change Registration (Y/N) ___
WWPN ____________ Device Type _______________ State Change Registration (Y/N) ___
WWPN ____________ Device Type _______________ State Change Registration (Y/N) ___
29
5.
6.
From open 5100 telnet session issue the nscamshow command to see detailed information about the
devices on your 300 switch.
Compare the last three octets of the Port WWN of two device outputs gathered from the 5100 nscamshow
output with the 300 nsshow output values gathered earlier. Are they the same?
________________________________________33
Check Point: You have learned how to determine if a SAN-attached device - such as host, storage, or tape
device - has successfully logged into the fabric.
3.
In the display for your RSL Windows server, click the Start button, then select Shut Down.
In the ensuing Shutdown dialog, select Log off administrator ONLY, then click OK. Do not select any other
option. This will close the web browser to your RSL workstation.
Finally, close the Secure Application Manager on your desktop. Go to the lower-right corner of your desktop
Toolbar, right-click the Secure Application Manager icon (as shown below), and select End Session.
33.
30
Objectives
Configure, verify, administer, and describe Brocade Zoning processes and enforcement methodologies .
Overview
In this lab exercise, you will perform tasks related to zoning a Brocade fabric. This lab is divided into the following sections:
Define and enable zoning using Web Tools
Activate the default zone configuration
2.
Open a telnet session to your 5100 switch. Issue the cfgshow command. If any zoning is enabled, issue the
cfgdisable command. If alias, zone or cfg definitions exist, issue the cfgclear command followed by
the cfgsave command. Close the telnet session.
Run command defzone --show and verify that All Access is enabled.
31
Verify the W2k Server has access to all the disks attached to the fabric
1.
2.
Right-click on the desktop icon associated with your computer name and select Manage. Example
RSL7_STxx_W2K (xx is your station number):
Select Device Manager and double-click Disk drives. You should see up to 16 SCSI disk devices are attached to
your fabric.34
34. Example: The example has sixteen SEAGATE ST318452FC SCSI Disk Devices.
32
3.
Check Point: With zoning disabled, there is nothing restricting the W2k server from seeing all the disk devices
attached to the fabric. In this case a 4 disk JBOD, dual connected with a dual connected server to the same
fabric produces twice the number of entries found in the fabric. 4 Drives*2connects*2HBAs=16 Targets.
Zoning can help limit the number views to the same drives.
Open Web Tools on your 300 and enter Zone Administration
1.
Open a HTTP session to your 300 using one of the methods below:
- Remote Solutions Lab ONLY: Double-click on the VRack icon on your W2k desktop. Right-click on
the 300 switch icon and select HTTP.
or:
- Open Internet Explorer and enter the IP address of your 300.
Either of these actions will open Web Tools and provide a SwitchExplorer view.
2.
3.
4.
Login as requested; enter admin for User Name and password for Password.
Click the Zone Admin link to enter the Zone Administration view. (See screen capture below.)
Maximize the window.
33
2.
3.
4.
34
From the Alias tab, expand Ports & Attaching Devices in the Member Selection List. Expand the switch for
the 300. Expand port 1. Expand the WWN entry. You should now see the Port WWN entry for the W2k
server attached to this port.
Click the New Alias button and enter alias name stxx_host (xx = your station number).
Highlight the lowest Brocade Communications device in the device expansion that allows you to Add
Member (the Add Member characters are black).
Click the Add Member button, this will put the device in the Alias Members area:
Follow these steps to create an alias that includes two Port WWNs of disks attached to your 5100.
5.
6.
7.
8.
In the Member Selection List, expand the switch for the 5100. Expand port 6. Expand the WWN entry for
two of the disks in the list. You should now see the Port WWN entry for each of these disks. (See screen
capture below.)
Click the New Alias button and enter alias name stxx_disks (xx = your station number).
Highlight the lowest SEAGATE device in the Member Selection List that allows you to Add Member (the Add
Member characters are black).
Click the Add Member button; this will put the devices in the Alias Members area. You should have two
devices in this area.
35
When you are finished, you should see two Aliases in the Zone Members field.
11. Select the Zone Config tab.
12. Follow these steps to create a zone configuration named stxx_cfg that includes the zone you just created.
a. Click the New Zone Config button and enter the name stxx_cfg (xx = your station number).
b. Expand Zones in the Member Selection List. You should see the zone you just created.
c. Highlight the zone name you just created (stxx_zone) and click the Add Member button.
d.
36
13.
14.
Follow these steps to save the aliases, zone and zone configuration you created to flash memory in the
fabric. (See screen capture below.)
a. Click Save Config .
b. Click Yes to the prompt Do you want to save Defined zoning configurations only?
Review the Switch Commit Messages at the bottom of your screen. (See screen capture above.)
37
15.
38
Verify the W2k Server has access to only the zoned disks
1.
2.
3.
Right-click on the desktop icon associated with your computer name and select Manage. Example
RSL7_STxx_W2K (xx is your station number):
Select Device Manager and double-click Disk drives. You should see listed the same number of SCSI disk
devices as you defined in zoning.
Close the Computer Management window.
Check Point: You used Web Tools to create a zone configuration and enable it in your fabric. You also verified
the W2k server complied with the zoning restrictions.
39
3.
4.
From a telnet session to your 5100, use the portzoneshow command to display the zoning enforcement
and record below:
Port 6 (Disk loop) Enforcement: ________________________36
40
2.
From the 300, use the defzone -noaccess command to set the access mode to no access. Reply Y to
the confirmation prompt.
Use the defzone --show command to display the current access mode and record below. (Note: A
cfgsave command is still needed to commit the new access mode that is in the transaction area.)
Committed: ________________________37
Transaction: ________________________
3.
4.
Use the cfgsave command to commit the access mode to flash memory.
Use the defzone --show command to display the current access mode and record below.
Committed: ________________________38
Transaction: ________________________
5.
6.
7.
Use the cfgshow command to display the zoning configuration. You should not see the default zoning
definitions displayed.
Use the cfgdisable command to disable zoning throughout the fabric.
Use the cfgactvshow command to display the Effective configuration and record below.
Effective configuration: ________________________________________39
8.
Notice that when zoning is disabled in a fabric and the default access mode is set to noaccess, the
cfgshow displays No Access.
41
9.
10.
Right-click on the desktop icon associated with your computer name and select Manage. Example
RSL7_STxx_W2K (xx is your station number):
Select Device Manager and double-click Disk drives. You should not see SCSI disk devices anymore since
devices are not allowed to communicate into the fabric. It may be necessary to refresh the disk information
by selecting Action -> Scan for hardware changes.
Check Point: You set the default zone access mode to no access. This mode is only applied when zoning is not
enabled in a fabric.
42
4.
From the 300 use the cfgclear command to clear zoning from the defined configuration.
Use the cfgsave command to save the null zoning database to flash memory.
Can all devices access each other (Is default all access zoning in effect)?
_____________________________________________________________________40
Follow these steps to disable default no access zoning:
a. Invoke defzone --allaccess
c.
d.
b.
40. No, devices cannot access each other because no access zoning is in effect.
41. No, devices cannot access each other because the all access zoning configuration has not been saved to flash. The no access zoning configuration is still in
effect.
43
3.
In the display for your RSL Windows server, click the Start button, then select Shut Down.
In the ensuing Shutdown dialog, select Log off administrator ONLY, then click OK. Do not select any other
option. This will close the web browser to your RSL workstation.
Finally, close the Secure Application Manager on your desktop. Go to the lower-right corner of your desktop
Toolbar, right-click the Secure Application Manager icon (as shown below), and select End Session.
44
Objectives
Describe, create, and validate multi-switch fabric Trunking and trunked distance solutions
Overview
In this lab exercise, you will perform tasks related to trunking in Brocade fabrics. This lab is divided into the following sections:
Trunking with CLI and Web Tools
Trunking over distance
Routing over trunks
Getting Started
1.
2.
If needed, use Lab 0 instructions to connect to your Remote Solutions Lab station. Open sessions to your
5100 and 300 switches using VRack, Hyperterminal, or telnet with login credentials admin/password.
Ensure that you have Trunking and Extended Fabric licenses on your both of these switches. Contact the
instructor if you do not have these licenses. Invoke the licenseshow command.
45
3.
46
2.
3.
Invoke the portcfgshow command on both your 5100 and 300 switches to verify that trunking is
enabled on all the ports on each switch in your fabric.43
If portcfgshow Trunk Port outputs do not show ON then use the following command to ensure that
both switches are capable of establishing a trunk: switchcfgtrunk 144
Invoke the switchshow command from the 300 and use the output to answer the following questions:
a. How many trunks exist between the 300 and 5100?
_______________________________________________________________45
b. How can you determine which Trunk Master is the Principal ISL?
_______________________________________________________________46
c. List the criteria that needs to be met in order for ports to form a trunk:
_______________________________________________________________47
47
4.
From your 300, invoke the islshow command and answer these questions.
a. What is the aggregate bandwidth of each trunk group:
_______________________________________________________________48
b. Since some of the lab stations have differences, use the example islshow output below to answer the
following question. What do the 8 -> 8 and 17 -> 4 values tell you?
_______________________________________________________________49
RSL7_ST07_300:admin> islshow
1: 8-> 8 10:00:00:05:1e:02:a6:6d RSL7_ST07_B51 sp: 4G bw: 8G TRUNK QoS
2: 17-> 4 10:00:00:05:1e:02:a6:6d RSL7_ST07_B51 sp: 4G bw: 8G TRUNK QoS
5.
6.
From your 5100, invoke the trunkshow command and evaluate the deskew values. Note the greatest
deskew difference in your trunk groups: ___________________
What is greatest deskew difference in the following example trunkshow output?
_______________________________________________________________50
RSL7_ST07_B51:admin> trunkshow
7.
1: 8 ->
10:00:00:05:1e:02:16:bb
deskew 15
9 ->
10:00:00:05:1e:02:16:bb
deskew 15
2: 4 -> 17
10:00:00:05:1e:02:16:bb
deskew 15
3 -> 16
10:00:00:05:1e:02:16:bb
deskew 15
MASTER
MASTER
A deskew of 15 deskew units is associated to a 30 meter cable difference. What deskew difference could
cause additional latency? _______________________________________________________________51
Check point: You established that there are two 4 Gbit/sec per port ISL trunks between the two switches in
your fabric.
8.
We want to insure that ports 8 and 16 are trunk masters. From your 300, issue the following commands:
portdisable 9
portdisable 17
portenable 9
portenable 17
48
Use Web Tools to evaluate and change the current trunking configuration
1.
2.
3.
4.
5.
6.
Open a Web Tools session to your 300. Right-click the VRack 300 icon and select HTTP. Alternatively, open
an Internet browser and enter the IP address of the 300.
This will launch a Web Tools session to your 300; logon as requested.
Select the Switch Admin task.
Click the Show Advanced Mode button to see the routing tab.
Click the routing tab and verify that there are two routes for each In Port between the switches; each In
Port should have an Out Port associated with each Trunk Master. There should be 4 entries.
Click the Trunking tab and verify that there are two trunking groups between the switches in your fabric.
Check point: The Web Tools view of your switches shows two trunk groups
7.
8.
9.
Verify that the Trunk Master port in one of the Trunk Groups is port 8. We will use this later.
Please follow these steps to use Web Tools to change the trunking configuration on the 300:
a. Return to the main WebTools window and click on the Port Admin link.
b. In the Port Admin window, click port 8, then click the Edit Configuration tab. Accept the confirmation.
c. In the FC Port Configuration wizard, click Next to get to step 2, Specify FC Parameters. Use the
Change Speed drop-down to change the speed of port 8 to 2G (2 Gbit/sec). Click Next.
d. Click the Save button; then click Close.
Re-evaluate the trunk configuration by clicking the Switch Admin tab and then selecting the Trunking tab.
Check point: The Web Tools view of your switches should now have three trunk groups.
Click the Show Advanced Mode button to see the Routing tab.
11. Click the Routing tab and verify that there are three routes for each In Port between the switches; each In
Port should have an Out Port associated with each Trunk Master.
10.
Return to your open CLI session to your 5100 (or re-open) and invoke trunkdebug <lowest port #
in 2 Gbit/sec trunk group>, <highest port # in the 4 Gbit/sec trunk group
in the same ASIC port group> Expected example output:
RSL7_ST07_B51:admin> trunkdebug 8 9
port 8 and port 9 speed is not 2G, 4G or 8G
2.
Invoke trunkshow and verify that there are now 3 trunk groups.
Check point: You created two trunk groups from one by changing the speed of 2 ISLs in the trunk group. This
created two trunk groups with different speeds in the same ASIC port group. You used the trunkdebug
command to analyze the message associated with why two trunks formed.
49
From your 5100, invoke the islshow command to identify the two-ISL 8 Gbit/sec trunk group. Output of
this trunk group will display the following information:
4 -> 17 10:00:00:05:1e:02:19:74 1 RSL7_ST03_300 sp: 4.000G bw: 8.000G TRUNK QoS
2.
From the 5100, invoke the trunkshow command to identify the ports associated with this trunk group.
This expected example output shows that ports 8 and 9 are associated with the two-ISL 2 Gbit/sec ISL
trunk group:
RSL7_ST07_B51:admin> trunkshow
1: 8 -> 8
10:00:00:05:1e:02:19:74
deskew 15
MASTER
2: 9 -> 9
10:00:00:05:1e:02:19:74
deskew 15
MASTER
3: 4 -> 17
10:00:00:05:1e:02:19:74
deskew 15
3 -> 16
10:00:00:05:1e:02:19:74
deskew 15
MASTER
Note the port numbers of the ISLs associated with your two-ISL 4 Gbit/sec ISL trunk group:
_______________________________________________________________52
Use CLI to configure one long distance trunk group on the 5100.
a. Issue portcfglongdistance 3 LS 1 25; you will receive a warning message:
a.
3.
Reserved Buffers =
106
This is to remind you that each switch has specific amount of buffer credits associated with its ASIC
type. Our configuration will not exceed these limits if all steps are followed.
b.
This will enable LS mode on port 3 and automatically turn VC Translation Link Init on.
52. Ports 16 and 17 represent a 4 Gbit/sec per ISL trunk group in the example trunkshow output depicted. They should also represent a 8 Gbit/sec ISL
trunk group in your configuration.
50
c.
Speed Level:
AUTO
OFF
Trunk Port
ON
Long Distance
LS
VC Link Init
ON
Desired Distance
25 Km
Reserved Buffers
106
Locked L_Port
OFF
Locked G_Port
OFF
Disabled E_Port
OFF
OFF
RSCN Suppressed
OFF
Persistent Disable
OFF
NPIV capability
QOS E_Port
ON
Rate Limit
OFF
EX Port
Mirror Port
Credit Recovery
4.
ON
OFF
OFF
ON
Use CLI to complete the configuration of the long distance trunk group on the 5100.
a. Issue portcfglongdistance 4 LS 1 25
51
5.
Follow these steps to use CLI to configure the trunk group at the other end of the link; this is the 300 using
port 16 and 17.
a. Return to your open CLI session to your 300 (or re-open) and issue switchshow
b. Note there is a segmentation due to the change on the other switch.
c. Issue portcfglongdistance 16 LS 1 25
d. Issue portcfglongdistance 17 LS 1 25
e. This will enable LS mode on specified ports. Note switch response.
f. Issue switchshow and notice your trunk group is now up and running.
g. Issue portbuffershow to see the buffer credit allocation.
r7-st15-b30-1:admin> portbuffershow
User
Port
Lx
Max/Resv
Buffer Needed
Port
Type
Mode
Buffers
Usage
----
----
----
-------
------ -------
6.
Buffers
Link
Distance
--------- ----------
28
28
Remaining
Buffers
<2km
28
28
10
3km
11
12
13
14
15
16
LS
106
70
70
25km
17
25km
LS
106
70
70
18
19
20
21
22
23
248
Notice port 16 and 17 Needed Buffers and Buffer Usage columns show 70 buffers.
1.
53. Max/Resv Buffers represents max number of credits needed to extend 25Km @ full speed. Remember the ports are running @ 4G.
52
Check point: You used the CLI to configure two ports on the 300 and 5100 to long distance level LS. This
allowed you to create a 25 KM, two ISL(8G) trunk.
Restore the trunk configuration back to the original two 4 Gbit/sec per ISL trunks state
Perform these steps on the 5100 and 300 switches:
1.
1.
2.
3.
Check point: You used the portcfgdefault command to go put the ports back into the original trunk
configuration (two 4 Gbit/sec trunk groups with aggregate 16 Gbit/sec bandwidths each.
54. With Condor2 ASICs, data is not interrupted when a new Trunk Master is chosen.
53
2.
3.
4.
5.
6.
7.
8.
9.
Return to your open Web Tools session to your 5100 or open a Web Tools session to your 5100 by opening
a browser and entering IP address or by right-clicking on your VRack 5100 and selecting HTTP.
If you do not still have an open Switch Admin session, click on the link and open it.
Click the Show Advanced Mode button.
Click the Trunking tab and note the two Trunk Master ports
a.
____
b.
____
Click the Routing tab and verify the two routes,(Out Ports), and reference the Trunk Masters noted
above.
Also, note the two In-ports are configured to use both available Trunk group routes. Explain why?
__________________________________________________________55
Note the configuration options that are available from the Web Tools Routing view.
Click the Off button under the Dynamic Load Sharing (DLS) section. Why can you not turn this option
Off?_________________________________________________________________ 56
Is there an option in the Web Tools Routing view to change from the default exchange based routing to port
based routing? _____________________________________________________________________57
Check point: You used Web Tools to verify that there are two routes from the 5100 to the 300; these routes
are through Trunk Masters.
55. Exchange-Based Routing provides this feature to use its load sharing mechanism.
56. Exchange-Based Routing is turn on.
57. Yes, the routing policy can be changed from the CLI using the aptpolicy command or WebTools after the switch is disabled.
54
2.
3.
4.
5.
6.
7.
8.
In your open Web Tools, Switch Admin window, click on the Switch tab, click the Disable button. Click the
Apply button and except the confirm window by pressing the Yes button.
Click the Show Advanced Mode button to see the Routing tab.
Click the Routing tab and select the Port-Based Routing check box. Click Apply and except the confirmation
window.
Return to the Switch tab, enable the switch and Apply the change.
Return to the Routing tab and press the Refresh button.
Note the routing change:
_____________________________________________________________58
Can switches in the same fabric have different routing policies and still communicate? Why/Why not?
_______________________________________________________________59
Invoke switchshow to verify that the switch came back online and the trunks between the 5100 and 300
are still operational. Verify that you still have two trunks and two Trunk Masters.
Check point: You changed the 5100 routing policy from exchange based routing to port based routing. You
verified that the switch came back online with attached ISL trunks and Trunk Masters.
9.
From the open 5100 CLI session, set the routing policy back to exchange based: invoke switchdisable;
aptpolicy 3; switchenable. Expected example output:
RSL7_ST07_B51:admin> switchdisable; aptpolicy 3; switchenable
Policy updated successfully.
55
3.
In the display for your RSL Windows server, click the Start button, then select Shut Down.
In the ensuing Shutdown dialog, select Log off administrator ONLY, then click OK. Do not select any other
option. This will close the web browser to your RSL workstation.
Finally, close the Secure Application Manager on your desktop. Go to the lower-right corner of your desktop
Toolbar, right-click the Secure Application Manager icon (as shown below), and select End Session.
56
Objectives
This lab will explore the EFCM v9.7 interface and functions
Overview
In this laboratory exercise, you will connect to Brocades Remote Lab in San Jose, CA.
To complete this lab, you will need information about logins, passwords, and switch IP address information.
This information can be found on the CSM264 Student Information Sheet. Do NOT lose this document!
In the CFP270 labs, you will be allocated an interconnected set of Brocade switches and routers, as well as
a Windows server, and JBOD storage. This collection of hardware is collectively referred to as an RSL
Workstation. Please check with your instructor for the RSL workstation that you are assigned, and write it
here:
____________________________________________________________________
2.
Please locate the CFP270 Student Information Sheet, and complete the RSL Workstation Assignment and
RSL and Remote Server Login sections.
57
4.
Please follow the CFP271 Student Information Sheet instructions to connect to your remote desktop.
Double click on the VRack icon to open the VRack application.
The VRack will have a button for each of the devices in the lab station. Right clicking any of these devices
will display a menu of connection options for that device.
Right click on the 5100 button, select telnet, and click on it to open a telnet command window. At the login
prompt, enter admin/password, and log into the B5100.
Note: Please keep these sessions open until instructed to close them..
58
Double click the EFCM 9.7 Client icon on the remote desktop to open the EFCM login screen.
a. Log in using Administrator/password, and click OK on the Login Banner screen to open the View All window.
b.
3.
4.
5.
6.
On the Menu Bar, click Discover to open the discovery drop down menu
a. Scroll down and click Setup to open the discovery setup window.
Click the Out of Band tab
Click Add to open the add Address Proberties box
a. Type M4400 into the description box
b. key in the IP address of the M4400 and click OK
Click Add again to reopen the IP address box
a. Type B5100 into the description box
b. Key in the IP address of the B5100 and click OK
Click Add again to reopen the IP address box
a. Type 300 into the description box
b. Key in the IP address of the 300 and click OK
Note: You will not use the 300 in this lab but you will need it for the troubleshooting lab.
Important: Do NOT perform a subnet scan in the next step, doing so will discover all switches in the lab environment,
which includes other student stations.
7.
8.
Highlight all IP addresses (M4400, B5100 and 300) in the Available Addresses section and click on the
right arrow in the Selected Individual Addresses section to select them for discovery. Before the next step,
please verify that your selections have been moved to the lower-right pane
Click OK. The Setup window will close and the discovery process will begin.
When Discovery completes, the right hand pane of the EFCM window will be populated with the discovered
fabric topology. This could take 30 seconds or so.
9.
Looking at the Fabric that contains the M4400: How many switches are in the fabric
now?____________________61
60. 0
61. 1 in the M4400 Fabric and 2 (B5100 and 300) in the B-Series fabric.
59
Now that we can see our fabric, lets set up a new user.
1.
2.
3.
4.
On the Menu Bar, click on SAN to open the SAN drop down menu.
a. Scroll down and click on Users to open the Server Users screen.
Click the Add button in the lower left hand corner of the screen (under the Users section), this will open the
Add User dialog box.
a. For lab purposes, key in Security Admin for the Description.
b. Leave the Email Address blank
c. Key in secadmin for User ID
d. Key in password for the Password, and confirm it.
e. Click OK to close the dialog box
The newly created user should appear just below Administrator in the User half of the window.
a. Highlight the new user
b. Highlight the Security Administrator group on the right side of the window.
c. Click the right arrow to add the new user to the Security Administrator group.
d. Click OK to close the Users/Groups window
e. Close EFCM by clicking the SAN button and scrolling down and clicking on exit.
On the desktop, double click on the EFCM 9.7 icon to open the EFCM login dialog box.
a. Log into EFCM using the newly created user credentials secadmin/Password.
b. Click on the Discover button to open the discovery drop down menu, scroll to and click on Setup.
What happened?_______________62why?_________________________________________63
Close EFCM, reopen it and log in as Administrator/password. (case sensitive)
a. Click on SAN to open the SAN dropdown menu.
b. Scroll down and click on Users to open the Server Users window.
c. On the left side of the screen, highlight the newly created user
d. Click Remove at the bottom of the screen to delete the user.
e. Click OK to close the window and return to the main EFCM screen.
c.
5.
60
Next, well spend some time with the M-series Element Manager interface
1.
2.
On the main EFCM screen click on the M4400 switch icon to highlight it.
On the Menu Bar, click on Configure, scroll down and click on Element Manager to open the Element
Manager screen for the M4400 switch.
Note: Element Manager can also be opened by right clicking on the switch icon and selecting Element
Manager from the drop down menu.
This will open the Hardware View of Element Manager. The FRU List is expandable by using the arrow buttons
in the upper left hand corner of the Hardware View screen.
3.
4.
5.
Roll the mouse slowly over the ports in the image/diagram and note the message at the bottom of the
screen.
Double click on Port 1. What is the port speed set to?______________64
a. Click on Close to close the port stats window.
From the Element Manager Menu Bar, click on Product, then scroll down and click on Properties to open
the Switch Properties window.
a.
b.
c.
Note: Clicking on the Product button opens the main Product submenu, which is where System Error Lights
can be cleared.
Just to the right of the Hardware tab is the Port List tab. Clicking on this will bring up the Port List View,
which shows the general condition of the ports.
e. Just to the right of the Port List tab is the Node List tab, which shows the nodes attached to the switch,
which port they are attached to, BB credits, etc.
f. Just to the right of the Node List tab is the Performance tab, which shows a variety of performance
statistics, including Class 2 Stats, Class 3 Statistics, Error Statistics, Operational Statistics, and Traffic
Statistics.
On the Element Manager Menu Bar, click on Configure, scroll down and click on Operating Parameters,
which will open the switchs operating parameter configuration screen.
a. Click on the Fabric tab and see items such as RA_TOV, ED_TOV, etc.
b. The next tab to the right is the Domain tab, which allows setting of an Insistent Domain ID, Preferred
Domain ID, Rerouting Delay, etc.
d.
6.
64. 4 Gbit/sec
65. 9.06.02
61
Note: Rerouting Delay is the M-Series equivalent of In Order Delivery (IOD) in the B-Series world.
Take a few minutes to look at the submenus available under each tab.
Back to the Element Manager Menu Bar, click on Security, and you will see Port Binding, Switch Binding,
Authentication, Security Log, and SSL Configuration.
c.
7.
Note: Port Binding is the M-Series equivalent of the DCC Policy in a B-Series environment, and Switch Binding is the equivalent of the SCC Policy.
Scroll down and click on Authentication to bring up the Configure Authentication window.
b. The Users tab is displayed. This is where telnet can be turned off, if required, and SSH enabled.
c. The next tab to the right is the Software tab, which is where authentication through an API can be
enabled.
d. The next tab to the right is the Devices tab, where E_Port and/or N_Port authentication can be enabled.
e. The next tab is the IP Access Control tab, where this feature can be enabled.
f. The final tab to the right is the RADIUS Servers tab, where RADIUS authentication for the M4400 can be
enabled and configured.
8. Close the Security window
9. Back to the Element Manager Menu Bar, click on Logs, and you will open a dropdown menu with the nine
logs available through the Element Manager - Audit, Event, Hardware, Link Incident, Port Performance
Threshold Alert, Security, Open Trunking, Embedded Port, and Switch Fabric logs.
10. The final item on the Element Manager Menu Bar, besides the Help menu, is Maintenance. Click on this to
open a dropdown menu, now scroll down and click on Firmware Library, which is the repository for firmware
versions on the EFCM server.
a.
Now well spend just a little time with the B-Series Element Manager interface, Web Tools
1.
2.
From the main EFCM window, right click on the 5100 and click on Element Manager.
Rolling the mouse over any of the ports or leds will open a pop up with information about the port or led.
a. The four status buttons across the top of the page give a quick indication of the status of the switch by
the color of the check mark in the button. Clicking on any of the buttons will open another page with
information specific to that button
i.
66. 9.06.02
62
ii.
iii.
iv.
Fan shows both the status of each fan, and the actual fan speed of each.
The other two buttons will turn Beaconing on or off, as indicated by the lighthouse icon being either lit
up or dark, and the Legend button will show the key to the colored status indicators.
In the upper left corner of the page is the Menu Bar, which has four selections:
a. Manage
b. Reports
c. Monitor
d. Tools
Click on Manage, scroll down and click on Switch Admin.
b.
3.
4.
a.
Note: Another good example of this can be found by clicking on Monitor in the Menu bar, scrolling down
and clicking on Name Server to open the name server table. Please note the Domain IDs associated
with the devices in the table.
5.
Click the Logout button on the right side of the window, and click Logout again in the confirmation window,
then close the main Web Tools window.
67. 98
63
2.
3.
4.
5.
6.
7.
From the EFCM main window, go to the Menu Bar, click on Configure, scroll down and click on Zoning to
open the Zoning configuration window
Make sure the Zone Library tab is selected.
a. In the Potential Members window (leftmost pane), expand the device tree as much as possible to show
all available devices.
b. At the bottom of the Zones (center pane) window, click on New Zone. This will add a highlighted box in
the window. In the box, type in ZoneA to name the zone. Hit enter to confirm the name, then click on it
to highlight (select) it. This will allow members to be added to the zone.
c. Click on the server HBA device attached to the 300 switch, then click on the right arrow to add it to the
zone. This device should now be in the center pane, below the zone name.
d. Click on one of the four disk storage devices connected to the B5100 switch, then click on the right
arrow to add it to the zone. There should now be two devices in the center pane, below the zone name.
e. At the bottom of the Zone Sets (rightmost pane) window, click on the New Set button, and type in
BZoneset, in the new box to name the Zone Set. Hit enter to confirm the name, and click on it to
highlight (select) it.
f. Click on the zone name in the Zones (center) pane to select it, and then click on the right arrow to add it
to the Zone Set. The zone name should now appear in the Zone Sets window.
g. Click on the Activate button on the right hand side of the screen to activate (enable) zoning. The
Activate Zone Set window will open. When the information on this screen is verified, click on OK, which
will close the window, and open a confirmation window. Click OK to activate the zone set.
- A message window will appear saying that the zone set is being activated. When activation completes, a new message window will appear saying activation is complete - click on Yes to close the
window.
Click on the Active Zone Set tab, and expand the device tree to graphically illustrate the active zoning in the
fabric.
Click OK to close the Zoning configuration window, and, after reading the caution window that opens, click
OK to close it.
Minimize the EFCM window, and open the VRack on the desktop.
Click on the 5100 and log in with admin/password credentials.
From the switch prompt, issue a cfgshow command.
68. BZoneset
64
In this section, well explore the four parts of the Advanced Module - Group
Manager, Event Management, Security, and Performance.
First well look at the Group Manager.
1.
From the Menu Bar on the main EFCM screen, click on Configure, scroll down and click on Group Manager.
a. The Select Group Action window opens, showing the three options available in Group Manager, Create
Group Log, Install E/OS Firmware, and Run Data Collection.
i.
b.
2.
Create Group Event Log is the default selection. Click Next at the bottom of the screen.
The Select Switches/Directors window opens. Click on the M4400 in the left pane to highlight it, and
then click the right arrow to move it into the right pane. Click Save in the upper right side of the window.
i.
A box opens allowing you to name the Group Log. Type in M4400Log, and click OK.
ii.
This will cause the Next button at the bottom of the screen to light up. Click it.
iii.
The final step in creating the log is to click the Start button at the right of the screen.
iv.
When the log is finished, the Status in the center pane will say Log Created.
v.
Click Finish at the bottom of the screen, and the Group Manager window will close.
From the Menu Bar on the main EFCM screen, click on Monitor, scroll down and click on Logs, and scroll
down and click on Group. The newly created M4400Log will display. Take a minute to read through the log
to see what types of events are posted. When finished, close the window.
2.
3.
69. Type is Product State Event, which one is Event Management Link Down
70. Look under Actions: An alarm will sound, and a severity level INFORMATIONAL message will be generated.
65
The Security Center is next, so click on the Security tab to open the Security Center window. The default view
has the Login Banner tab selected. From here, the wording of the login banner can be added, and the login
banner can be turned on or off.
The Security Center is a tool for viewing and configuring Fibre Channel authentication parameters. It provides
a single central user interface for managing the authentication settings of all Security Center-capable
switches and directors in the fabric. The Security Center is designed to be a single point of control for the
security administrator.
1.
2.
3.
4.
5.
Click on the Security tab to open the Security window. There should be two items in the Fabrics and Server
window (Left side). The top item is the EFCM Server, and the bottom item is your fabric
Make sure the top item (the EFCM Server) is selected.
What are the tabs just to the right of this window______________________________________________?71
Clicking on the Server Authentication tab allows the addition of an LDAP server as a point of
authentication.
Click on the Switch Authentication tab. Which new tabs appear in the lower section of the window?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________72
Note: When the Security tab is selected and the Security window opens, the Security Log is also displayed
to the right of the Master Log.
6.
Click the View All tab just to the left of Security and Event Management to return to the default view.
From the View All tab on the main EFCM screen, click on the M4400 switch to hightlight it.
Then click on Monitor, scroll down to Performance, then click on Setup.
a. Click on the checkbox next to High resolution continuous export to highlight the center portion of the
screen.
b. Click in the checkbox next to the M4400 in the Select Switches window.
c. Type abc in the File Naming box.
Where are the files stored (look in the Directory box)?73
e. Click OK at the bottom of the window, and then click OK again in the EFCM Message window to confirm
f. This will close the Setup window.
Click on Monitor, scroll down to Performance, then click on Setup.
d.
3.
66
a.
b.
Uncheck the box next to High resolution continuous export, this will disable all the selections make in
step 2.
Click OK at the bottom of the window to return to the main screen.
Important: The next section of the lab is mandatory in order for subsequent lab exercises to work properly. If you do not perform these tasks now, you will have to come
back and perform them later.
This is the end of CFP270 Lab Exercise for Module 8 - Administration and Maintenance.
67
You can access the switches in the lab through a serial console connection by following these steps:
a. Right-click on the VRack switch icon and select Console.
b. This will either take you directly to a console session on the specified switch or to an Avocent login
message (depends on version of serial console hardware used).
c. If you get a Avocent login message you will need to enter Username Admin (with a capital A) and
Password letmein2.
c.
68
Press return when you see the message above, this will take you to the switch logon screen where you can
logon with admin/password credentials.
From a Windows command prompt, start a telnet session by typing telnet aa.bb.cc.dd, where
aa.bb.cc.dd is the IP address of your switch or Director.
2.
Open the Run window by left-clicking on the Start button, then selecting Run. In the resulting dialog, left-click in
the Open field and type telnet aa.bb.cc.dd, where aa.bb.cc.dd is the IP address of your switch or
Director.
To open a console session to your switch or director without a VRack configuration, follow the same steps as show above, but
use the Console IP and Console Port addresses for your switch. For example, if the Console IP address is
10.128.128.210 and the Console Port address is 3003 for your switch, you would enter the command
10.128.128.210 3003.
69
70
1.
At the Windows desktop, start a HyperTerminal session by left-clicking on the Start button, then selecting
Programs, Accessories, Communications, and HyperTerminal.
2.
In the resulting Connection Description dialog, left-click in the Name field, and type telnet Station
XXX, where XXX is your station number. Select the telephone icon (shown below), and click OK.
3.
In the resulting Connect To dialog, select the Connect Using drop-down menu, and select the TCP/IP
(Winsock) option, then click OK.
4.
After selecting the TCP/IP (Winsock) option, the Connect To dialog changes to support this protocol. Enter
the IP address of your switch or Director in the Host address field, then click OK.
In an active HyperTerminal session, begin capturing text by left-clicking on the Transfer menu, then selecting the
Capture Text item. In the resulting Capture Text dialog, type the name of the log file in the File field, then
click Start. In the example below, the log file name is C:\CFP270\Trace\Lab1_SupportShow; please
define the log file name as directed in lab exercise.
2.
To stop capturing text in the log file, left-clicking on the Transfer menu, then selecting the Capture Text item.
In the resulting Capture Text dialog, click Stop.
71
72