Professional Documents
Culture Documents
18 July 2008
Access Gateway
Administrator’s Guide
Document History
The following table lists all versions of the Access Gateway Administrator’s Guide.
Figures
Tables
Appendix A Troubleshooting
Index
Document conventions
This section describes text formatting conventions and important notices formats.
Text formatting
The narrative-text formatting conventions that are used in this document are as follows:
bold text Identifies command names
Identifies the names of user-manipulated GUI elements
Identifies keywords and operands
Identifies text to enter at the GUI or CLI
italic text Provides emphasis
Identifies variables
Identifies paths and Internet addresses
Identifies document titles
code text Identifies CLI output
Identifies syntax examples
For readability, command names in the narrative portions of this guide are presented in mixed
lettercase: for example, switchShow. In actual examples, command lettercase is often all
lowercase. Otherwise, this manual specifically notes those cases in which a command is case
sensitive. The ficonCupSet and ficonCupShow commands are an exception to this convention.
NOTE
A note provides a tip, emphasizes important information, or provides a reference to related
information.
ATTENTION
An Attention statement indicates potential damage to hardware or data.
CAUTION
A Caution statement alerts you to situations that can be potentially hazardous to you.
DANGER
A Danger statement indicates conditions or situations that can be potentially lethal or extremely
hazardous to you. Safety labels are also attached directly to products to warn of these conditions
or situations.
Key terms
For definitions of SAN-specific terms, visit the Storage Networking Industry Association online
dictionary at: http://www.snia.org/education/dictionary.
For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary.
The following terms are used in this manual to describe Access Gateway mode and its components.
Additional information
This section lists additional Brocade and industry-specific documentation that you might find
helpful.
Brocade resources
To get up-to-the-minute information, join Brocade Connect. It’s free! Go to http://www.brocade.com
and click Brocade Connect to register at no cost for a user ID and password.
For practical discussions about SAN design, implementation, and maintenance, you can obtain
Building SANs with Brocade Fabric Switches through:
http://www.amazon.com
For additional Brocade documentation, visit the Brocade SAN Info Center and click the Resource
Library location:
http://www.brocade.com
Release notes are available on the Brocade Connect Web site and are also bundled with the Fabric
OS firmware.
*FT00X0054E9*
FT00X0054E9
Document feedback
Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and
completeness of this document. However, if you find an error or an omission, or you think that a
topic needs further development, we want to hear from you. Forward your feedback to:
documentation@brocade.com
Provide the title and version number of the document and as much detail as possible about your
comment, including the topic heading and page number and your suggestions for improvement.
Getting Started 1
In this chapter
• Brocade Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
• Fabric OS features in Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . 2
• Access Gateway port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
• How Access Gateway maps ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
• Upgrade and downgrade considerations for switches in AG mode . . . . . . . . 6
The following points summarize the differences between a Fabric OS switch in Native mode and a
Fabric OS switch in AG mode:
• The Fabric OS switch in Native mode is a part of the fabric; it requires two to four times as
many physical ports, consumes fabric resources, and can connect to a Fabric OS fabric only.
• AG is outside of the fabric; it reduces the number of switches in the fabric and the number of
required physical ports. You can connect AG to either a Fabric OS, M-EOS, or Cisco-based
fabric.
Edge Switch
N_Port F_Port
F_Port
N_Port NPIV
enabled
N_Port F_Port
Switch in standard
Hosts default mode Fabric Switch
F_Port Yes Connects hosts and targets to Yes Connects devices, such as hosts, HBAs,
Access Gateway. and storage to the fabric.
N_Port Yes Connects Access Gateway to a fabric NA N_Ports are not supported.
switch.
E_Port NA ISL is not supported.1 Yes Connects the switch to other switches to
form a fabric.
1. The switch is logically transparent to the fabric, therefore it does not participate in the SAN as a fabric switch.
Edge Switch
Host_1 F_1 (Switch_A)
F_A1
N_1 NPIV
Host_2 F_2
enabled
F_A2
N_2 NPIV
Host_3 F_3 enabled
Edge Switch
(Switch_B)
Host_4 F_4
F_B1
N_3 NPIV
enabled
Host_5 F_5
F_B2
N_4 NPIV
enabled
Host_6 F_6
Host_7 F_7
Host_8 F_8
In this chapter
• Access Gateway policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
• Advanced Device Security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
• Automatic Port Configuration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
• Failover policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
• Failback policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
• Cold Failover policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
• Port Grouping policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
• Access Gateway policy enforcement matrix. . . . . . . . . . . . . . . . . . . . . . . . . . 20
• Access Gateway trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
• Configuration management for trunk areas . . . . . . . . . . . . . . . . . . . . . . . . . 27
• Access Gateway Cascading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
NOTE
Use an asterisk enclosed in quotation marks,“*”, to set the Allow list to “All Access” to all F_Ports;
use a pair of double quotation marks ("") to set the Allow list to “No Access”.
• The same Allow List can be specified for more than one F_Port.
This example show how to set the list of allowed devices for ports 1, 10, and 13 to all access:
1. Connect to the switch and log in as admin.
2. Enter the ag --adsset “1;10;13”“*” command.
switch:admin> ag–-adsset“1;10;13”“*”
WWN list set successfully as the Allow Lists of the F_Port[s]
ATTENTION
Enabling the APC policy is disruptive to F_Ports and N_Ports. You must disable the module before
you enable the APC policy because when you enable the APC policy, existing F_Port-to-N_Port
mappings are deleted. Because the APC policy enforcement erases port mappings existing on the
switch, it is recommended to perform a configupload before enabling the APC policy. After you
enable the APC policy, the policy immediately takes effect; a reboot is not required. When you disable
the APC policy, the N_Port configuration and the F_Port-to-N_Port mapping revert back to the default
factory configuration for that platform.
The APC policy is mutually exclusive with the Port Grouping policy. When the APC policy is enabled
on a switch connected to multiple fabrics, no attempt is made by AG to restrict failover behavior
even if the N_Ports are connected to unrelated fabrics. Do not to use the APC policy when Access
Gateway is connected to multiple fabrics.
NOTE
When in Access Gateway mode, the Automatic Port Configuration policy may not work when attached
to M-EOS switches. M-EOS ports should be set to G_Port to prevent problems with port type
discovery. Ports 16-47 on the FC8-48 blade may not be used for AG F_Port Trunking connections.
NOTE
Because of the disruption caused by the redistribution of F_Ports, it is recommended to add new
N_Ports to the module. For more information on adding N_Ports, see “Adding an N_Port to a port
group” on page 19.
Failover policy
Access Gateway Failover and Failback policies ensure maximum uptime for the servers. When a
port is configured as an N_Port and if by default, the Failover policy is enabled, F_Ports are not
disabled if its N_Port goes off line. If you specify a Preferred Secondary N_Port for any of the
F_Ports, and if the N_Port goes offline, the F_Ports will fail over to the Preferred Secondary N_Port,
and then re-enable. The specified Preferred Secondary N_Port must be online; otherwise, the
F_Ports will become disabled.
Alternatively, if a Preferred Secondary N_Port is not set for any of F_Ports, the F_Ports will fail over
to other online N_Ports belonging to the same N_Port group, and then re-enable. The FLOGI and
FDISC requests are forwarded from F_Ports through the new N_Port. If multiple N_Ports are
available as candidates for failover, Access Gateway selects one or more N_Ports so that the
F_Ports are evenly balanced across all the N_Ports.
NOTE
Failover of F_Ports to new a N_Port generates a RASLOG message.
The Failover policy allows hosts to automatically remap to an online N_Port if the primary N_Port
goes offline. The Failover policy is enabled (or enforced) during power-up. The Failover policy evenly
distributes the F_Ports that are mapped to an offline N_Port among all the online N_Ports. The
Failover policy is a parameter of each N_Port. By default, the Failover policy is enabled for all
N_Ports.
The following sequence describes how a failover event occurs:
• An N_Port goes offline.
• All F_Ports mapped to that N_Port are disabled.
• If the N_Port Failover policy is enabled, and a Preferred Secondary N_Port is specified for the
F_Port and that N_Port is online, the F_Port fails over to the respective Preferred Secondary
N_Port, and then re-enables.
NOTE
The Preferred Secondary N_Port is defined per F_Port. For example, if two F_Ports are mapped
to a primary N_Port1, you can define a secondary N_Port for one of those F_Ports and not
define a secondary N_Port for the other F_Port. Typically, this is done by the server
administrator. You must determine whether you want to define a preferred secondary map for
each of the servers or just a subset of the servers.
• If the Preferred Secondary N_Port is not online, those F_Ports are disabled.
• If the Preferred Secondary N_Port is not set for any of the F_Ports, those F_Ports will fail over
to other available N_Ports belonging to the same N_Port group, and then re-enable.
• The host establishes a new connection with the fabric.
Example: Failover Policy
This example shows the failover behavior in a scenario where two fabric ports go offline, one after
the other. Note that this example assumes that no Preferred Secondary N_Port is set for any of the
F_Ports.
• First the Edge switch F_A1 port goes offline, as shown in Figure 4 on page 13 Example 1 (left),
causing the corresponding Access Gateway N_1 port to be disabled.
The ports mapped to N_1 fail over; F_1 fails over to N_2 and F_2 fails over to N_3.
• Next the F_A2 port goes offline, as shown in Figure 4 on page 13 Example 2 (right), causing
the corresponding Access Gateway N_2 port to be disabled.
The ports mapped to N_2 (F_1, F_3, and F_4) fail over to N_3 and N_4. Note that the F_Ports
are evenly distributed to the remaining online N_Ports and that the F_2 port did not participate
in the failover event.
Example 1 Example 2
Hosts Access Gateway Hosts Access Gateway
Legend
Physical connection
Mapped online
Failover route online
Original mapped route
(offline)
3. Enter the ag command with the --failoverenable <n_portnumber> operand to enable failover.
switch:admin> ag --failoverenable 13
Failover policy is enabled for port 13
3. Enter the ag command with the --failoverenable <n_portnumber> operand to enable failover.
switch:admin> ag --failoverenable 13
Failover policy is enabled for port 13
Failback policy
The Failback policy automatically reroutes the F_Ports back to the primary mapped N_Ports as
those N_Ports come back online, if the Failback policy is enabled for the N_Port.
Only the originally mapped F_Ports fail back. In the case of multiple N_Port failures, only F_Ports
that were mapped to the recovered N_Port experience failback. The remaining F_Ports are not
redistributed among the online N_Ports during the failback. If the APC policy is enabled, by default,
the failback policy is disabled.
NOTE
The Failback policy is an N_Port parameter. By default, the Failback policy is enabled.
The ports F_1 and F_2 are mapped to N_1 and continue routing to N_3. Ports F_3 and F_4, which
were originally mapped to N_2, are disabled and rerouted to N_2, and then enabled.
Example 3
Edge Switch
Host_1 F_1 (Switch_A)
F_A1
N_1 NPIV
Host_2 enabled
F_2
F_A2
N_2 NPIV
Host_3 F_3 enabled
Edge Switch
(Switch_B)
Host_4 F_4
F_B1
N_3 NPIV
enabled
Host_5 F_5
F_B2
N_4 NPIV
enabled
Host_6 F_6
Host_7 F_7
Legend
Physical connection
Mapped online
Failover route online
Host_8 F_8 Original mapped route
(offline)
3. Enter the ag --failbackenable command with the n_portnumber operand to enable failover.
switch:admin> ag --failbackenable 13
Failback policy is enabled for port 13
3. Enter the ag --failbackdisable command with the n_portnumber operand to disable failover.
switch:admin> ag --failbackdisable 13
Failback policy is disabled for port 13
When a dual redundant fabric configuration is used, F_Ports connected to a switch in AG mode can
access the same target devices from both of the fabrics. In this case, you must group the N_Ports
connected to the redundant fabric into a single port group. It is recommended to have paths fail
over to the redundant fabric when the primary fabric goes down.
ATTENTION
If N_Ports are connected to unrelated fabrics are grouped together, N_Port failover within a port
group can cause the F_Ports to connect to a different fabric and the F_Ports may lose connectivity
to the targets they were connected to before the failover, thus causing I/O disruption as shown in
Figure 7.
You can create new port groups and add N_Ports to those groups. However, all N_Ports that are not
part of any user-created port group are part of the default port group pg0.
Because port groups cannot be overlapped, if you specify an N_Port as a Preferred Secondary
N_Port and it already belongs to another port group, the Port Group creation fails.
NOTE
If the PG policy is disabled while a switch in AG mode is online, all the user-defined port groups are
deleted, but the F_Port-to-N_Port mapping remain unchanged.
3. Enter the command ag --pgshow to verify the port group was created.
switch:admin> ag --pgshow
Port Group ID Port Group Name
------------------------------------
0 None pg0
2 0;2 SecondFabric
3 1;3 FirstFabric
------------------------------------
3. Enter the command ag --pgshow to verify the N_Port was added to the specified port group.
switch:admin> ag --pgshow
PG_ID N_Ports PG_Name
-----------------------------------------------------------------------------
0 15 pg0
3 12;13;14 Test
-----------------------------------------------------------------------------
3. Enter the command ag --pgshow to verify the N_Port was deleted from the specified port
group.
switch:admin> ag --pgshow
PG_ID N_Ports PG_Name
-----------------------------------------------------------------------------
0 13;15 pg0
3 12;14 Test
-----------------------------------------------------------------------------
3. Enter the command ag --pgshow to verify the port group has been deleted.
switch:admin> ag --pgshow
PG_ID N_Ports PG_Name
-----------------------------------------------------------------------------
0 12;13;14;15 pg0
-----------------------------------------------------------------------------
3. Enter the command ag --pgshow to verify the port group has been renamed.
switch:admin> ag --pgshow
PG_ID N_Ports PG_Name
--------------------------------------
0 None pg0
2 0;2 MyEvenFabric
3 1;3 FirstFabric
3. Enter the command ag --pgshow to verify the Port Group policy is disabled.
switch:admin> ag --policyshow
AG Policy Policy Name State
----------------------------------------------------------
Port Grouping pg Disabled
Auto Port Configuration auto Disabled
Advance Device Security ADS Disabled
----------------------------------------------------------
Because you must configure the trunking on the Edge switch, F_Port trunking, provides a Trunk
group between N_Ports on the AG module and F_Ports on the Edge switch module. This feature
keeps AG’s F_Port(s) from becoming disabled in the case where an N_Port within the trunk group
fails. No failover occurs as long as there is at least one active link in the trunk group. With trunking,
any link within a trunk can go off line or become disabled, but the trunk remains fully functional
and no re-configuration is required.
Trunking prevents reassignments of the Port ID (also referred to as the Address Identifier as
described in Table 6 on page 24) when N_Ports go offline.
You must install the Brocade ISL license on both the Edge switch and the module running in AG
mode and you must ensure that both modules running Fabric OS v6.1.0 or later.
All ports within a trunk group must be part of the same port group; ports outside of a port group
cannot form a trunk group. For more information on Port Groups, see “Port Grouping policy” on
page 16.
NOTE
If a switch already has an ISL Trunking license, no new licenses is required to use it on AG N_Port
masterless trunking; Also, after a trunking license is installed on a switch in AG mode and you
change the switch to standard mode, you can keep the same license. Access Gateway does not work
on M-EOS or third party switches.
To implement F_Port masterless trunking on the Edge switch, you must first configure an F_Port
Trunk group and statically assign an Area_ID within the trunk group. Assigning a Trunk Area (TA) to a
port or trunk group enables F_Port masterless trunking on that port or trunk group. When a TA is
assigned to a port or trunk group, the ports will immediately acquire the TA as the area of its
process IDs (PID). And when a TA is removed from a port or trunk group, the ports reverts to the
default area as its PID.
Area assignment You statically assign the area within the trunk group on the Edge
switch. That group is the F_Port masterless trunk.
The static trunk area you assign must fall within the F_Port trunk
group starting from port 0 on a Edge switch or blade.
The static trunk area you assign must be one of the port’s default
areas of the trunk group.
Authentication Authentication occurs only on the F_Port trunk master port and
only once per the entire trunk. This behavior is same as E_Port
trunk master authentication. Because only one port in the trunk
does FLOGI to the switch, and authentication follows FLOGI on
that port, only that port displays the authentication details when
you issue the portshow command.
DCC Policy DCC policy enforcement for the F_Port trunk is based on the Trunk
Area; the FDISC requests to a trunk port is accepted only if the
WWN of the attached device is part of the DCC policy against the
TA. The PWWN of the FLOGI sent from the AG will be dynamic for
the F_Port trunk master. Because you do not know ahead of time
what PWWN AG will use, the PWWN of the FLOGI will not go
through DCC policy check on an F_Port trunk master. However, the
PWWN of the FDISC will continue to go through DCC policy check.
D.I. Zoning Creating a Trunk Area may remove the Index ("I") from the switch
(D,I) AD to be grouped to the Trunk Area. All ports in a Trunk Area share
(D, I) DCC and (PWWN, I) DCC the same "I". This means that Domain,Index (D,I), which refer to
an "I", that might have been removed, will no longer be part of the
switch.
You can remove the port from the Trunk Area to have the "I" back
into effect. D,I will behave as normal, but you may see the effects
of grouping ports into a single "I".
Also, D,I continues to work for Trunk Area groups. The "I" can be
used in D,I if the "I" was the "I" for the Trunk Area group.
The following table describes the PWWN format for F_Port and N_Port trunk ports.
TABLE 6 PWWN format for F_Port and N_Port trunk ports
NAA = 2 2f:xx:nn:nn:nn:nn:nn:nn Port WWNs for: The valid range of xx is [0 - FF],
(1) switch’s FX_Ports. for maximum of 256.
3. Re-enable ports 36-39 by executing portenable port for each port in the TA.
4. Show switch/port information:
switch:admin> switchshow
switchName: SPIRIT_B4_01
switchType: 66.1
switchState: Online
switchMode: Native
switchRole: Principal
switchDomain: 2
switchId: fffc02
switchWwn: 10:00:00:05:1e:41:22:80
zoning: OFF
switchBeacon: OFF
FC Router: ON
FC Router BB Fabric ID: 100
Area Port Media Speed State Proto
=====================================
0 0 -- N8 No_Module
1 1 -- N8 No_Module
2 2 -- N8 No_Module
3 3 -- N8 No_Module
4 4 -- N8 No_Module
5 5 -- N8 No_Module
6 6 -- N8 No_Module
7 7 -- N8 No_Module
8 8 id N4 Online F-Port 10:00:00:00:00:01:00:00
9 9 -- N8 No_Module
10 10 -- N8 No_Module
11 11 -- N8 No_Module
12 12 -- N8 No_Module
13 13 -- N8 No_Module
14 14 -- N8 No_Module
15 15 -- N8 No_Module
16 16 -- N8 No_Module
17 17 -- N8 No_Module
18 18 -- N8 No_Module
19 19 -- N8 No_Module
20 20 -- N8 No_Module
21 21 -- N8 No_Module
22 22 -- N8 No_Module
23 23 -- N8 No_Module
24 24 -- N8 No_Module
25 25 -- N8 No_Module
26 26 -- N8 No_Module
27 27 -- N8 No_Module
28 28 -- N8 No_Module
29 29 -- N8 No_Module
30 30 -- N8 No_Module
31 31 -- N8 No_Module
32 32 id N4 No_Light
33 33 id N4 No_Light
34 34 id N4 No_Light
35 35 id N4 No_Light
36 36 id N4 Online F-Port 20:14:00:05:1e:41:4b:4d
37 37 id N4 Online F-Port 20:15:00:05:1e:41:4b:4d
38 38 id N4 Online F-Port 20:16:00:05:1e:41:4b:4d
39 39 id N4 Online F-Port 2 NPIV public
Disable each port prior to removing ports from the TA. Then reissue the command:
switch:admin> porttrunkarea --disable 36-39
Trunk area 37 disabled for ports 36, 37, 38 and 39.
Ports are connected between the two AG switches, which are connected to each other. AG
cascading connections between devices increase the network use because cascading provides
higher over-subscription while allowing you to consolidate the number of ports going to the main
fabric. There is no license requirement to use this feature.
Configuration considerations when cascading Access Gateway modules/switches:
• You must enable the Port Grouping (PG) policy on both the Edge and Core AG switches.
• Only one level of cascading is supported. Note that several Edge AGs can connect into a single
Core AG to support higher consolidation ratios.
• AG Trunking between the Edge and Core AG switches is not supported.
• It is recommended to enable the Advanced Security Policy (ADS) on the AG F_Ports that are
directly connected to the servers.
• APC policy is not supported when cascading.
• Loopbacks (Core AG N_port to Edge AG F_Port) are not allowed.
In this chapter
• Connectivity of multiple devices overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
• Configuring the fabric and Edge switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
• Connectivity to Cisco Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
• Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
• Re-joining switches to a fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
• Allow multiple logins. The recommended fabric login setting is the maximum allowed per
port and per switch.
• Use only WWN zoning throughout the fabric. Access Gateway does not support domain ID and
other types of zoning schemes.
• Include the Access Gateway WWN or the port WWN of the N_Ports, also include the HBA WWNs
that will be connected to AG F_Ports to the ACL list in ACL policies.
• Allow inband queries for forwarded fabric management requests from the hosts. Add the
Access Gateway switch WWN to the access list if inband queries are restricted.
NOTE
Before connecting Access Gateway to a Fabric OS fabric, disable the Fabric OS Management Server
Platform Service.
20 20 -- N4 No_Module
21 21 id N4 Online E-Port segmented,(zone conflict)(Trunk
master)
22 22 id N4 Online E-Port (Trunk port, master is Port 21 )
23 23 id N4 Online E-Port (Trunk port, master is Port 21 )
3. Enable NPIV functionality on the Edge fabric ports so that multiple logins are allowed for each
port. Enter the following command on the M-EOS switch to enable NPIV on the specified ports.
config NPIV
NOTE
You can run the agshow command to display Access Gateway information registered with the fabric.
When an Access Gateway is exclusively connected to Non-FOS based switches, it will not show up in
the agshow output on other Brocade Switches in the fabric.
In this case, you must configure the Cisco switch using the Cisco provided procedures to ensure
interoperability with Access Gateway.
If you are using Emulex HBAs or any other HBAs that are not based on QLogic FC ASIC technology,
ensure that N_Port ID Virtualization (NPIV) is enabled on the Cisco switch and that the switch is
running SAN-OS 3.0 (1) or SAN-OS 3.1 (1) or later. By default, NPIV is enabled per switch and not
per port.
Your Cisco switch is now ready to connect to a switch in Access Gateway mode.
NOTE
You must set the fcinterop FC ID allocation scheme to auto and use the company ID list and
persistent FC ID configuration to manipulate the FC ID device allocation.
Table 8 shows the Cisco Company ID list, which shows the OUI ID as the three middle bytes of the
World Wide Name (WWN). This OUI ID format is used for initiator devices.
00:E0:8B 00:02:6B
00:09:6B 00:06:2B WWN: 00:00:11:22:33:00:00:00
00:11:25 00:14:5E OUI
00:50:8B 00:A0:B8
00:60:B0 00:D0:60
00:90:A5 00:E0:69
00:50:2E 00:D0:B2
00:E0:8B * <- Explicitly deleted entry (from the original default list)
Total company ids 6
+ - Additional user configured company ids
* -Explicitly deleted company ids from default list.
3. Enter the following command to delete the OUI ID 0x445566 from list:
no fcid-allocation area company-id 0x445566
Ensure that the OUI IDs of the attached target devices are listed in the updated Company ID List.
After you update the list, you are ready to connect the Access Gateway device. If any of the AG
server ports (F_Ports) report that the port is disabled with reason code “Duplicate ALPA Detected,”
then use the follow considerations:
• Ensure that the debug FLOGI mode is not enabled; Cisco does not support NPIV when FLOGI
debug is set. Run the show debug flogi command to verify that the FLOGI mode is not enabled.
If the FLOGI mode is enabled, you must disable it using the following FLOGI debug commands:
config t
no flogi debug
Press Ctrl-Z to exit
copy run start Saves MDS switch configuration
• By default, if this is a new or an existing VSAN to use with the switch in Access Gateway mode,
the default policy for access is "deny." Either set it to "permit" or zone the devices for access.
• Access Gateway is compatible with Cisco VSAN, Dynamic Port VSAN (DVPM), and Inter-VSAN
Routing (IVR) features; however, you may need to use the AG Port Grouping policy to take full
advantage of these MDS features. For more information on the Port Grouping policy, see the
“Port Grouping policy” on page 16.
NOTE
If there are any device(s) in the VSAN that you suspend, it takes that device offline until you
unsuspend that VSAN.
NOTE
You can also use the Persistent FCID field in the Cisco GUI tool to manually assign the FCIDs to
QLogic-based devices behind the Access Gateway module. If you use the method, ensure that
proper FCIDs are assigned, which have a different Area field from the target devices connected to
the same MDS switch. See “Access Gateway routing requirements with Cisco fabrics” on page 34 to
ensure that the switch meets the AG routing requirements.
NOTE
The maximum number of AGs that can be connected to an Edge switch is 30. The maximum number
of devices that can be connected to a Fabric OS switch through AG depends on the maximum
number of local devices that are supported by Fabric OS.
The switch automatically reboots and comes back online in AG mode using a factory default
F_Port-to-N_Port mapping. For more information on AG default F_Port-to-N_Port mapping, see
Table 10 on page 50.
2. Enter the ag --modeshow command to verify that AG mode is enabled.
switch:admin> ag --modeshow
Access Gateway mode is enabled.
3. Enter the ag --mapshow command without any options to display all the mapped ports.
The ag --mapshow command shows all the N_Ports (with the portcfgnport value of 1) even if
those N_Ports are not connected.
switch:admin> ag --mapshow
N_Port Configured_F_Ports Current_F_Ports Failover Failback PG_ID PG_Name
-----------------------------------------------------------------------------
0 4;5;6 4;5;6 1 0 2 SecondFabric
1 7;8;9 7;8;9 0 1 0 pg0
2 10;11 10;11 1 0 2 SecondFabric
3 12;13 12;13 0 1 0 pg0
-----------------------------------------------------------------------------
4. Enter the switchShow command without any options to display the status of all ports.
switch:admin> switchshow
switchName: switch
switchType: 43.2
switchState: Online
switchMode: Access Gateway Mode
switchWwn: 10:00:00:05:1e:03:4b:e7
switchBeacon: OFF
Port States
The following table describes the possible port states.
TABLE 9 Port state description
State Description
NOTE
To save the Access Gateway configuration, use the configUpload command before proceeding
with the next step.
The switch automatically reboots and comes back online using the fabric switch configuration;
the AG parameters, such as F_Port-to-N_Port mapping, and the Failover and Failback policies
are automatically removed.
5. Enter the ag --modeshow command to verify that AG mode is disabled.
switch:admin> ag --modeshow
Access Gateway mode is NOT enabled
In this chapter
• Port Initialization in Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . 43
• N_Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
• Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
a c
b
d
e
You can expand your fabric by configuring the F_Ports to connect to the fabric as N_Ports, which
increases the number of device ports you can connect to a single fabric port. You can connect AG to
more than one fabric.
When AG is connected to at least one Edge switch in the fabric, Fibre Channel ports operate as
either a target or as an initiator. Fibre Channel ports target ports can also connect to AG as F_Ports.
The following combinations are possible with initiators and targets:
• All F_Ports connect to the FCP initiator port.
• All F_Ports connect to the FCP target port.
• Some F_Ports connect to the FCP initiator port and some connected to FCP target port.
• Targets and hosts that are connected to the same AG are not supported.
N_Ports
The AG port connected to the Enterprise fabric must be configured as an N_Port using the
portcfgnport mode command. By default, on embedded switches, only the internal ports of Access
Gateway are configured as F_Ports. All external ports are configured (locked) as N_Ports. For more
information on which ports are mapped by default, see Table 10 on page 50. The internal ports
connect hosts in the bladed server and external ports connect to the fabric.
The enabled N_Port will automatically come online if it is connected to an Enterprise fabric switch
that supports NPIV. NPIV capability should be enabled on the ports connected to the Access
Gateway. Use the portcfgnpivport command to enable NPIV capability on the specific port. By
default, NPIV is enabled on 8 Gbps switches.
NOTE
A switch in Access Gateway mode must have at least one port configured as an N_Port.
Therefore, the maximum number of F_Ports that can be mapped to an N_Port is the number of
ports on the switch minus one.
Figure 11 shows a host connected to an embedded switch’s external F_Port when Access Gateway
is enabled. The configured F_Port is mapped to an N_Port.
Unlocking N_Ports
Unlocking the N_Port configuration automatically changes the port to an F_Port. When you unlock
an N_Port, the F_Ports are automatically unmapped and disabled.
1. Connect to the switch and log in as admin.
2. Enter the portcfgnport command.
NOTE
The portcfgnport command only works when the Port Grouping policy is enabled.
switch:admin> portcfgnport
Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
--------------------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--
Locked N_Port .. .. .. .. .. .. .. .. .. .. ON ON ON ON ON ON
3. Enter the portcfgnport command with <portnumber> 0 operand to unlock N_Port mode.
switch:admin> portcfgnport 10 0
Alternatively, to lock a port in N_Port mode, enter the portcfgnport <portnumber> 1 command.
switch:admin> portcfgnport 10 1
By default, on embedded switches, all external ports are configured as N_Port lock mode when you
enable Access Gateway. Access Gateway connects only FCP initiators and targets to the fabric. It
does not support other types of ports, such as ISL (interswitch link) ports.
The port types on a fabric switch are not locked. Fabric OS Native mode dynamically assigns the
port type based on the connected device: F_Ports and FL_Ports for hosts, HBAs, and storage
devices; and E_Ports, EX_Ports, and VE_Ports for connections to other switches.
Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
--------------------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--
Locked N_Port .. .. .. .. .. .. .. .. .. .. ON ON ON ON ON ON
switch:admin> ag --mapshow
N_Port Configured_F_Ports Current_F_Ports Failover Failback PG_ID PG_Name
----------------------------------------------------------------------------
0 4;6 4;6 1 0 2 SecondFabric
1 7;8;9 7;8;9 0 1 0 pg0
2 5;10;11 5;10;11 1 0 2 SecondFabric
3 12;13 12;13 0 1 0 pg0
NOTE
For a description of the port state, see Table 9 on page 39.
Port configurations
The following mapping updates and adding and removing of ports are only applicable to the Port
Grouping policy.
NOTE
For bladed servers, the HBA connects to the internal ports. Internal ports are F_Ports. By default,
only the external ports are configured as N_Ports.
3. Enter the switchshow command to verify that the F_Port is free (unassigned).
Unassigned F_Port status is Disabled (No mapping for F_Port). See port 6 in the following
example.
switch:admin> switchshow
switchName: fsw534_4016
switchType: 45.0
switchState: Online
switchMode: Access Gateway Mode
switchWwn: 10:00:00:05:1e:02:1d:b0
switchBeacon: OFF
The f_portlist can contain multiple F_Port numbers separated by semicolons, for example
“17;18”.
switch:admin> ag --mapadd 13 "6;7"
F-Port to N-Port mapping has been updated successfully
5. Enter the ag --mapshow command with the n_portnumber operand to display the list of
mapped F_Ports. Verify that the added F_Ports appear in the list.
switch:admin> ag --mapshow 13
N_Port : 13
Failover(1=enabled/0=disabled) : 1
Failback(1=enabled/0=disabled) : 1
Current F_Ports : None
Configured F_Ports : 6;7
PG_ID : 0
PG_Name : pg0
3. Enter the ag --mapshow command with the n_portnumber operand to display a list of
mapped F_Ports. Verify that the F_Ports you removed are not in the list.
switch:admin> ag --mapshow 13
N_Port : 13
Failover(1=enabled/0=disabled) : 1
Failback(1=enabled/0=disabled) : 1
Current F_Ports : None
Configured F_Ports : 7
PG_ID : 0
PG_Name : pg0
The following table shows the default F_Port-to-N_Port mapping that is automatically configured
when Access Gateway mode is enabled. All N_Ports have failover and failback enabled. All ports
must have the POD license active to use Access Gateway on the Brocade 300 and 200E.
.
Troubleshooting A
TABLE 11 Troubleshooting
Problem Cause Solution
Switch is not in Access Switch is in Native switch mode Disable switch using the switchDisable command.
Gateway mode Enable Access Gateway mode using
the ag --modeenable command.
Answer yes when prompted; the switch reboots.
Log in to the switch.
Display the switch settings using the switchShow command. Verify
that the field switchMode displays Access Gateway Mode.
NPIV disabled on Edge Inadvertently turned off On the Edge switch, enter the portCfgShow command.
switch ports Verify that NPIV status for the port to which Brocade Access Gateway
is connected is ON.
If the status displays as “--” NPIV is disabled. Enter the
portCfgNpivPort <port_number> command with the 1 operand to
enable NPIV.
Repeat step for each port as required.
Need to reconfigure Default port setting not adequate for On Brocade Access Gateway, enter the portCfgShow command.
N_Port and F_Ports customer environment For each port that is to be activated as an N_Port, enter the
portCfgNport <port_number> command with the 1 operand.
All other ports remain as F_Port.
To reset the port to an F_Port, enter the portCfgNpivPort
<port_number> command with the 0 operand.
LUNs are not visible Zoning on fabric switch is incorrect. Verify zoning on the Edge switch.
Port mapping on Access Gateway mode Verify that F_Ports are mapped to an online N_Port. See “Access
switch is incorrect. Gateway default F_Port-to-N_Port mapping” on page 50.
Cabling not properly connected. Perform a visual inspection of the cabling, check for issues such as
wrong ports, twisted cable, or bent cable. Replace the cable and try
again.
Failover is not working Failover disabled on N_Port. Verify that failover and failback policies are enabled, as follows:
Enter the ag --failoverShow command with the <port_number>
operand.
Enter the ag --failbackShow command with the <port_number>
operand.
Command returns “Failback (or Failover) on N_Port <port_number> is
supported.”
If it returns, “Failback (or Failover) on N_Port <port_number> is not
supported.” See “Adding a preferred secondary N_Port” on page 49.
Access Gateway is mode Access Gateway must be disabled. Disable switch using the switchDisable command.
not wanted Enable Access Gateway mode using
the ag --modeDisable command.
Answer yes when prompted; the switch reboots.
Log in to the switch.
Display the switch settings using the switchShow command. Verify
that the field switchMode displays Fabric OS native mode.
NOTE
If a Fabric OS switch is in Access Gateway mode and is also set to McDATA Fabric mode, when that
switch is connected to an M-EOS switch, the Fabric OS switch does not display in the output when
you run the agshow command.
A authentication
limitations, 22
Access Gateway
cascading, 29
comparison to standard switches, 4 B
compatible fabrics, 2
connecting devices, 31 behavior
connecting two AGs, 29 failover policy, 15
description, 1
displaying information, 33
features, 2
mapping description, 6
C
port mapping, 5
Cisco switch
port types, 4
adding OUIs, 36
Access Gateway mode
AG routing requirements, 34
comparison, 2
Company ID list, 35
direct target attach, 31
deleting OUIs, 35, 36
disabling, 40
displaying FCID, 36
enabling, 38
editing Company ID list, 35
port initialization, 43
enabling Flat FCID mode, 37
port types, 4
enabling NPIV, 34
saving configuration, 40
FLOGI support, 36
supported firmware versions, 31
interoperability with AG, 34
terms, xv
no FC target devices, 35
ACL policies
no target devices on switch, 37
settings, 32 target devices on switch, 37
adding devices to fabric, 9 code, xiv
Address Identifier, 26 cold failover policy
Admin domain, 23 preferred secondary N_Port, 16
ADS Policy
adding devices, 9
disabling, 8
displaying devices, 9, 10
enabling, 8
removing devices, 9
setting devices to login, 8
setting devices to not login, 9
APC Policy
connecting to multiple fabrics, 10
disabling, 11
enabling, 11
rebalancing F_Ports, 11
area assignment, 22
Q U
QLogic-based devices
unlock
workaround, 35
N_Port, 45
upgrading, 22
considerations, 6
R with ADS policy enabled, 6
with APC policy enabled, 6
removing devices from switch, 9 with PG policy enabled, 6
removing trunk ports, 22
requirements
ports, 31