53 1000605 04 AccessGateway v611

53-1000605-04
18 July 2008
Access Gateway
Administrator’s Guide
Supporting Fabric OS 6.1.1

Copyright © 2007-2008 Brocade Communications Systems, Inc. All Rights Reserved.
Brocade, Fabric OS, File Lifecycle Manager, MyView, and StorageX are registered trademarks and the Brocade B-wing symbol,
DCX, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or
services of their respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning
any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to
this document at any time, without notice, and assumes no responsibility for its use. This informational document describes
features that may not be currently available. Contact a Brocade sales office for information on feature and product availability.
Export of technical data contained in this document may require an export license from the United States government.
The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with
respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that
accompany it.
The product described by this document may contain “open source” software covered by the GNU General Public License or other
open source license agreements. To find-out which open source software is included in Brocade products, view the licensing
terms applicable to the open source software, and obtain a copy of the programming source code, please visit
http://www.brocade.com/support/oscd.
Brocade Communications Systems, Incorporated
Corporate Headquarters Asia-Pacific Headquarters
Brocade Communications Systems, Inc. Brocade Communications Singapore Pte. Ltd.
1745 Technology Drive 9 Raffles Place
San Jose, CA 95110 #59-02 Republic Plaza 1
Tel: 1-408-333-8000 Singapore 048619
Fax: 1-408-333-8101 Tel: +65-6538-4700
Email: info@brocade.com Fax: +65-6538-0302
Email: apac-info@brocade.com
European and Latin American Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour A - 2ème étage
29, Route de l'Aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 56 40
Fax: +41 22 799 56 41
Email: emea-info@brocade.com
Document History
The following table lists all versions of the Access Gateway Administrator’s Guide.
Document Title Publication Number Summary of Changes Publication Date
Access Gateway Administrator’s Guide 53-1000430-01 First version January 2007

Access Gateway Administrator’s Guide 53-1000633-01 Added support for the 200E 15 Jun 2007
Access Gateway Administrator’s Guide 53-1000605-01 Added support for new policies 19 Oct 2007
and changes to N_Port
mappings.
Access Gateway Administrator’s Guide 53-1000605-02 Added support for new 12 Mar 2008
platforms:
300 and the 4424.
Added support for new features:
- Masterless Trunking
- Direct Target Connectivity
- Advance Device Security policy
- 16- bit routing
Access Gateway Administrator’s Guide 53-1000605-03 Added support for: 18 July 2008
- Cascading Access Gateway.
Access Gateway Administrator’s Guide 53-1000605-04 Updated to fix the table of 18 July 2008
contents
Access Gateway Administrator’s Guide iii

53-1000605-04
iv Access Gateway Administrator’s Guide
53-1000605-04
Contents
Figures
Tables
About This Document

How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Text formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Command syntax conventions . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Notes, cautions, and warnings . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Key terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
Brocade resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
Other industry resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Optional Brocade features . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xvii
Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
Chapter 1 Getting Started

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Brocade Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Fabric OS features in Access Gateway mode . . . . . . . . . . . . . . . . . . . 2
Access Gateway port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Comparison of Access Gateway ports to standard switch ports. 4
How Access Gateway maps ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Upgrade and downgrade considerations for switches in AG mode . . 6
Considerations with policies enabled. . . . . . . . . . . . . . . . . . . . . . 6
Advance Device Security policy. . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Automatic Port Configuration policy . . . . . . . . . . . . . . . . . . . . . . . 6
Port Grouping policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Chapter 2 Enabling Policies on Switches in Access Gateway Mode

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Access Gateway Administrator’s Guide v

53-1000605-04
Access Gateway policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Showing current policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Advanced Device Security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Enabling the Advanced Device Security policy. . . . . . . . . . . . . . . 8
Disabling the Advanced Device Security policy . . . . . . . . . . . . . . 8
Setting which devices can log in if ADS policy is enabled. . . . . . 8
Setting which devices cannot log in if ADS policy is enabled . . . 9
Removing devices from the list of devices allowed at login . . . . 9
Adding new devices to the list of devices allowed at login . . . . . 9
Displaying the list of devices on the switch . . . . . . . . . . . . . . . . 10
Automatic Port Configuration policy. . . . . . . . . . . . . . . . . . . . . . . . . . 10
Enabling the Automatic Port Configuration policy . . . . . . . . . . . 11
Disabling the Automatic Port Configuration policy . . . . . . . . . . 11
Rebalancing F_Ports with APC policy enabled. . . . . . . . . . . . . . 11
Failover policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Enabling the Failover policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Enabling the Failover policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Disabling the Failover policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Failback policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Enabling the Failback policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Cold Failover policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Port Grouping policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Creating a port group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Adding an N_Port to a port group . . . . . . . . . . . . . . . . . . . . . . . . 19
Deleting an N_Port from a port group . . . . . . . . . . . . . . . . . . . . 19
Removing a port group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Renaming a port group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Disabling the Port Group policy. . . . . . . . . . . . . . . . . . . . . . . . . . 20
Access Gateway policy enforcement matrix . . . . . . . . . . . . . . . . . . . 20
Access Gateway trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Access Gateway trunking considerations for the Edge switch . 22
Trunk group creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Setting up F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Assigning a Trunk Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Enabling the DCC policy on trunk . . . . . . . . . . . . . . . . . . . . . . . . 26
Configuration management for trunk areas . . . . . . . . . . . . . . . . . . . 27
Enabling Access Gateway trunking . . . . . . . . . . . . . . . . . . . . . . . 27
Disabling F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
F_Port Trunking monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Access Gateway Cascading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Chapter 3 Connecting Devices Using Access Gateway

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Connectivity of multiple devices overview . . . . . . . . . . . . . . . . . . . . . 31
vi Access Gateway Administrator’s Guide

53-1000605-04
Configuring the fabric and Edge switch . . . . . . . . . . . . . . . . . . . . . . . 31
Verifying the switch mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Setting the Fabric OS switch to Native Mode. . . . . . . . . . . . . . . 33
Enabling NPIV on the M-EOS switch . . . . . . . . . . . . . . . . . . . . . . 33
Connectivity to Cisco Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Access Gateway routing requirements with Cisco fabrics. . . . . 34
Enabling NPIV on a Cisco switch. . . . . . . . . . . . . . . . . . . . . . . . . 34
Workaround for QLogic-based devices . . . . . . . . . . . . . . . . . . . . 35
Editing Company ID List if no FC target devices on switch . . . . 35
Adding or deleting an OUI from the Company ID List . . . . . . . . 36
Enabling Flat FCID mode if no FC target devices on switch . . . 37
Editing Company ID list if target devices on switch . . . . . . . . . . 37
Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Enabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . 38
Port States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Disabling Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . 40
Saving the Access Gateway configuration . . . . . . . . . . . . . . . . . 40
Re-joining switches to a fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Reverting to a previous configuration. . . . . . . . . . . . . . . . . . . . . 41
Chapter 4 Configuring Ports in Access Gateway mode

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Port Initialization in Access Gateway mode. . . . . . . . . . . . . . . . . . . . 43
N_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Unlocking N_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Displaying N_Port configurations . . . . . . . . . . . . . . . . . . . . . . . . 46
Verifying port mapping and status . . . . . . . . . . . . . . . . . . . . . . . 46
Displaying N_Port mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Displaying port status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Adding F_Ports to an N_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Removing F_Ports from an N_Port . . . . . . . . . . . . . . . . . . . . . . . 49
Adding a preferred secondary N_Port . . . . . . . . . . . . . . . . . . . . 49
Deleting F_Ports from a preferred secondary N_Port . . . . . . . . 50
Appendix A Troubleshooting
Index
Access Gateway Administrator’s Guide vii

53-1000605-04
viii Access Gateway Administrator’s Guide
53-1000605-04
Figures
Figure 1 Access Gateway and fabric switch comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Figure 2 Port usage comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Figure 3 Example F_Port-to-N_Port mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Figure 4 Example 1 and 2 Failover policy behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Figure 5 Failback policy behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Figure 6 Port grouping behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Figure 7 Port Group 1 (pg1) setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Figure 8 Port Group Zero (pg0) setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Figure 9 Access Gateway cascading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Figure 10 Initialized ports in Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Figure 11 Example of adding an external F_Port (F9) on an embedded switch . . . . . . . . . 45
Access Gateway Administrator’s Guide ix

53-1000605-04
x Access Gateway Administrator’s Guide
53-1000605-04
Tables
Table 1 Fabric OS components supported on Access Gateway . . . . . . . . . . . . . . . . . . . . . 3

Table 2 Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Table 3 Description of F_Port-to-N_Port mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Table 4 Policy enforcement matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Table 5 Access Gateway trunking considerations for the Edge switch . . . . . . . . . . . . . . 22
Table 6 PWWN format for F_Port and N_Port trunk ports. . . . . . . . . . . . . . . . . . . . . . . . . 24
Table 7 Address identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Table 8 OUI IDs that require special treatment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Table 9 Port state description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Table 10 Access Gateway default F_Port-to-N_Port mapping. . . . . . . . . . . . . . . . . . . . . . . 50
Table 11 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Access Gateway Administrator’s Guide xi

53-1000605-04
xii Access Gateway Administrator’s Guide
53-1000605-04
About This Document
• How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

• Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
• What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
• Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
• Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
• Additional information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
• Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
• Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
How this document is organized

This document is a procedural guide to help SAN administrators configure and manage Brocade
Access Gateway.
This preface contains the following components:
• Chapter 1, “Getting Started” describes how to use Access Gateway to create seamless
connectivity to any Storage Area Network (SAN) fabric.
• Chapter 2, “Enabling Policies on Switches in Access Gateway Mode”describes how to enable
policies on a switch in Access Gateway mode.
• Chapter 3, “Connecting Devices Using Access Gateway” describes how to connect multiple
devices using Access Gateway.
• Chapter 4, “Configuring Ports in Access Gateway mode” describes how to configure ports in
Access Gateway mode.
• Appendix A, “Troubleshooting” provides symptoms and troubleshooting tips to resolve issues.
Supported hardware and software

Although many different software and hardware configurations are tested and supported by
Brocade Communications Systems, Inc. For 6.1.1, documenting all possible configurations and
scenarios is beyond the scope of this document. All Fabric OS switches must be running v5.1 or
later; all M-EOS switches must be running M-EOSc 9.1 or later, M-EOSn must be running 9.6.2 or
later, and Cisco switches with SAN OS must be running 3.0 (1) and 3.1 (1) or later. Access Gateway
supports 4 and 8 Gbit bladed servers and blades.
Access Gateway Administrator’s Guide xiii

53-1000605-04
What’s new in this document
The following changes have been made since this document was last released:
Information that was added
• Cascading Access Gateways
• Platforms
• Brocade 300 and 4424
• 16-bit routing (8 Gbps platforms only)
• Performance
• Access Gateway masterless trunking
• Seamless failover
• Security
• Advance Device Security policy
• Enhanced routing
For further information, refer to the release notes.
Document conventions
This section describes text formatting conventions and important notices formats.
Text formatting
The narrative-text formatting conventions that are used in this document are as follows:
bold text Identifies command names
Identifies the names of user-manipulated GUI elements
Identifies keywords and operands
Identifies text to enter at the GUI or CLI
italic text Provides emphasis
Identifies variables
Identifies paths and Internet addresses
Identifies document titles
code text Identifies CLI output
Identifies syntax examples
For readability, command names in the narrative portions of this guide are presented in mixed
lettercase: for example, switchShow. In actual examples, command lettercase is often all
lowercase. Otherwise, this manual specifically notes those cases in which a command is case
sensitive. The ficonCupSet and ficonCupShow commands are an exception to this convention.
Command syntax conventions

Command syntax in this manual follows these conventions:
xiv Access Gateway Administrator’s Guide

53-1000605-04
command Commands are printed in bold.
--option, option Command options are printed in bold.
-argument, arg Arguments.
[] Optional element.
variable Variables are printed in italics. In the help pages, values are underlined or
enclosed in angled brackets < >.
... Repeat the previous element, for example “member[;member...]”
value Fixed values following arguments are printed in plain font. For example,
--show WWN
| Boolean. Elements are exclusive. Example: --show -mode egress | ingress
Notes, cautions, and warnings

The following notices appear in this document.
NOTE
A note provides a tip, emphasizes important information, or provides a reference to related
information.
ATTENTION
An Attention statement indicates potential damage to hardware or data.
CAUTION
A Caution statement alerts you to situations that can be potentially hazardous to you.
DANGER
A Danger statement indicates conditions or situations that can be potentially lethal or extremely
hazardous to you. Safety labels are also attached directly to products to warn of these conditions
or situations.
Key terms
For definitions of SAN-specific terms, visit the Storage Networking Industry Association online
dictionary at: http://www.snia.org/education/dictionary.
For definitions specific to Brocade and Fibre Channel, see the Brocade Glossary.
The following terms are used in this manual to describe Access Gateway mode and its components.
Access Gateway Administrator’s Guide xv

53-1000605-04
Access Gateway (AG)
Fabric OS mode for embedded switches that reduces SAN (storage area
network) deployment complexity by leveraging NPIV (N_Port ID virtualization).
E_Port An ISL (Interswitch link) port. A switch port that connects switches together to
form a fabric.
Edge switch A fabric switch that connects host, storage, or other devices, such as Brocade
Access Gateway, to the fabric.
F_Port A fabric port. A switch port that connects a host, HBA (host bus adaptor), or
storage device to the SAN. On Brocade Access Gateway, the F_Port connects
to a host only and target.
Mapping On the Brocade Access Gateway, the configuration of F_Port to N_Port routes.
N_Port A node port. A Fibre Channel host or storage port in a fabric or point-to-point
connection. On Brocade Access Gateway, the N_Port connects to the Edge
switch.
NPIV N_Port ID virtualization. Allows a single Fibre Channel port to appear as
multiple, distinct ports providing separate port identification and security
zoning within the fabric for each operating system image as if each operating
system image had its own unique physical port.
Preferred Secondary N_Port
On the Brocade Access Gateway, the preferred secondary N_Port refers to the
secondary path that and F_Port failovers to if the primary N_Port goes offline.
Additional information
This section lists additional Brocade and industry-specific documentation that you might find
helpful.
Brocade resources
To get up-to-the-minute information, join Brocade Connect. It’s free! Go to http://www.brocade.com
and click Brocade Connect to register at no cost for a user ID and password.
For practical discussions about SAN design, implementation, and maintenance, you can obtain
Building SANs with Brocade Fabric Switches through:
http://www.amazon.com
For additional Brocade documentation, visit the Brocade SAN Info Center and click the Resource
Library location:
http://www.brocade.com
Release notes are available on the Brocade Connect Web site and are also bundled with the Fabric
OS firmware.
xvi Access Gateway Administrator’s Guide

53-1000605-04
Other industry resources
• White papers, online demos, and data sheets are available through the Brocade Web site at
http://www.brocade.com/products/software.jhtml.
• Best practice guides, white papers, data sheets, and other documentation is available through
the Brocade Partner Web site.
For additional resource information, visit the Technical Committee T11 Web site. This Web site
provides interface standards for high-performance and mass storage applications for Fibre
Channel, storage management, and other applications:
http://www.t11.org
For information about the Fibre Channel industry, visit the Fibre Channel Industry Association Web
site:
http://www.fibrechannel.org
Optional Brocade features

For a list of optional Brocade features and descriptions, see the Fabric OS Administrator’s Guide.
Getting technical help

Contact your switch support supplier for hardware, firmware, and software support, including
product repairs and part ordering. To expedite your call, have the following information available:
1. General Information
• Technical Support contract number, if applicable
• Switch model
• Switch operating system version
• Error numbers and messages received
• supportSave command output
• Detailed description of the problem, including the switch or fabric behavior immediately
following the problem, and specific questions
• Description of any troubleshooting steps already performed and the results
• Serial console and Telnet session logs
• Syslog message logs
2. Switch Serial Number
The switch serial number and corresponding bar code are provided on the serial number label,
as shown here.
:
*FT00X0054E9*
FT00X0054E9
The serial number label is located as follows:
Access Gateway Administrator’s Guide xvii

53-1000605-04
• Brocade 200E and 300—On the nonport side of the chassis
• Brocade 4100, 4900, 7500, and 7500E—On the switch ID pull-out tab located inside the
chassis on the port side on the left
• Brocade 5000—On the switch ID pull-out tab located on the bottom of the port side of the
switch
• Brocade 7600—On the bottom of the chassis
• Brocade 48000—Inside the chassis next to the power supply bays
• Brocade DCX—On the bottom right on the port side of the chassis
3. World Wide Name (WWN)
• Use the wwn command to display the switch WWN.
• If you cannot use the wwn command because the switch is inoperable, you can get the
WWN from the same place as the serial number.
Document feedback
Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and
completeness of this document. However, if you find an error or an omission, or you think that a
topic needs further development, we want to hear from you. Forward your feedback to:
documentation@brocade.com
Provide the title and version number of the document and as much detail as possible about your
comment, including the topic heading and page number and your suggestions for improvement.
xviii Access Gateway Administrator’s Guide

53-1000605-04
Chapter
Getting Started 1
In this chapter
• Brocade Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
• Fabric OS features in Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . 2
• Access Gateway port types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
• How Access Gateway maps ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
• Upgrade and downgrade considerations for switches in AG mode . . . . . . . . 6
Brocade Access Gateway

This chapter describes how to create seamless connectivity to any Storage Area Network (SAN)
fabric using Access Gateway (AG). It provides information on how to set the port types, port
mappings, and the policies to ensure a stable fabric.
AG is compatible with Fabric OS, M-EOS, and Cisco-based fabrics. Enabling and disabling AG mode
on a switch can be performed from the command line interface (CLI) or using Web Tools, Fabric
Manager or EFCM. This document describes configurations using the CLI commands.
Brocade Access Gateway is a Fabric OS feature that lets you configure your Enterprise fabric to
handle additional N_Ports instead of domains. You do this by configuring F_Ports to connect to the
fabric as N_Ports, which increases the number of device ports you can connect to a single fabric.
Multiple AGs can connect to the DCX enterprise-class platform, directors, and switches.
After you set a Fabric OS switch to AG mode, the F_Ports connect to the Enterprise fabric as
N_Ports rather than as E_Ports. They connect as E_Ports if the Fabric OS switch is in its Native
switch mode. Figure 1 shows a comparison of a configuration that connects eight hosts to a fabric
using AG to the same configuration with Fabric OS switches in Native mode.
Switches in AG mode are logically transparent to the host and the fabric. You can increase the
number of hosts to have access to the fabric without increasing the number of switches. This
simplifies configuration and management in a large fabric by reducing the number of domain IDs
and ports.
Access Gateway Administrator’s Guide 1

53-1000605-04
1 Fabric OS features in Access Gateway mode
FIGURE 1 Access Gateway and fabric switch comparison
The following points summarize the differences between a Fabric OS switch in Native mode and a
Fabric OS switch in AG mode:
• The Fabric OS switch in Native mode is a part of the fabric; it requires two to four times as
many physical ports, consumes fabric resources, and can connect to a Fabric OS fabric only.
• AG is outside of the fabric; it reduces the number of switches in the fabric and the number of
required physical ports. You can connect AG to either a Fabric OS, M-EOS, or Cisco-based
fabric.
Fabric OS features in Access Gateway mode

When a switch is behaving as an Access Gateway, RBAC features in Fabric OS are available, but
Admin Domains, Advanced Performance Monitoring, direct connection to SAN target devices, Fibre
Channel Arbitrated Loop support, FICON, IP over FC, extended fabrics, management platform
services, name services (SNS), port mirroring, SMI-S, and zoning are not available or no longer
applicable.
Table 1 lists Fabric OS components that are supported on a switch when AG mode is enabled. “No”
indicates that the feature is not provided in AG mode. “NA” indicates this feature is not applicable
in Access Gateway mode of operation. ‘*’ indicates the feature is transparent to AG, that is AG
forwards the request to the Enterprise fabric. If the Enterprise fabric is not a Brocade fabric, then
certain features may not be available. These features are indicated by ‘**”.
Security enforcement can be done in either the Enterprise fabric using the DCC policy or in the
Access Gateway module using Advanced Device Security (ADS) policy. The ADS policy secures
virtual and physical connections to the SAN. When you enable the ADS policy, by default, every
F_Port is configured to allow all devices to login or be a part of the Access List. The Allow list
restricts the devices that can log into a specific F_Port. Because all WWNs are a part of the Access
List, you can identify which devices are allowed to log in on a per F_Port basis by specifying the
device’s port WWN(PWWN). See the Fabric Command Reference on using the ag --adsset
command to set the “Allow List” to All Access or No Access. Alternatively the security policy can be
established in the Enterprise fabric. For information on the ADS policy, see “Setting which devices
can log in if ADS policy is enabled” on page 8 or “Setting which devices cannot log in if ADS policy is
enabled” on page 9.
2 Access Gateway Administrator’s Guide

53-1000605-04
Fabric OS features in Access Gateway mode 1
TABLE 1 Fabric OS components supported on Access Gateway

Feature Support
Access Control Yes (limited roles)

Audit Yes
Beaconing Yes
Config Download/Upload Yes
DHCP Yes
Environmental Monitor Yes
Error Event Management Yes
Extended Fabrics No
Fabric Device Management Interface (FDMI) Yes*
Fabric Manager Yes**
Fabric Watch Yes (limited)
FICON (includes CUP) No
High Availability Hot Code Load
IpoverFC Yes*
Native Interoperability Mode NA
License Yes**
Log Tracking Yes
Management Server NA
Manufacturing Diagnostics Yes
N_Port ID Virtualization Yes
Name Server NA
Network Time Protocol (NTP) No (no relevance from fabric perspective. In
embedded switch, time should be updated by
server management utility.
Open E_Port NA
Performance Monitor Yes (Basic PM only, no APM support)
Port Mirroring No
QuickLoop, QuickLoop Fabric Assist No
Security Partial (only DCC policy)
SNMP Yes
Speed Negotiation Yes
Trunking Yes**
ValueLineOptions (Static POD, DPOD) Yes
Web Tools Yes
Zoning, Admin Domains NA

53-1000605-04
1 Access Gateway port types
Access Gateway port types

Access Gateway differs from a typical fabric switch because it is not a switch; instead, it is a mode
that you enable on a switch using the ag command. After a switch is set in ag mode, it can connect
to the fabric using node ports (N_Ports). Typically fabric switches connect to the Enterprise fabric
using ISL (InterSwitch Link) ports, such as E_Ports.
Following are the Fibre Channel (FC) ports that AG uses:
• F_Port - fabric port that connects a host, HBA, or storage device to a switch in AG mode.
• N_Port - node port that connects a switch in AG mode to the F_Port of the fabric switch.
Comparison of Access Gateway ports to standard switch ports

Access Gateway multiplexes host connections to the fabric. It presents an F_Port to the host and an
N_Port to an Edge fabric switch. Using N_Port ID virtualization (NPIV), AG allows multiple FC
initiators to access the SAN on the same physical port. This reduces the hardware requirements
and management overhead of hosts to the SAN connections.
A fabric switch presents F_Ports (or FL_Ports) and storage devices to the host and presents
E_Ports, VE_Ports, or EX_Ports to other switches in the fabric. A fabric switch consumes SAN
resources, such as domain IDs, and participates in fabric management and zoning distribution. A
fabric switch requires more physical ports than AG to connect the same number of hosts.
Figure 2 shows a comparison of the types of ports a switch in AG mode uses to the type of ports
that a standard fabric switch uses.
Access Gateway Ports

Switch in AG mode Fabric
Hosts
Edge Switch
N_Port F_Port
F_Port
N_Port NPIV
enabled
N_Port F_Port
Fabric Switch Ports

Fabric
Switch in standard
Hosts default mode Fabric Switch
N_Port F_Port E_Port E_Port
N_Port F_Port E_Port E_Port
FIGURE 2 Port usage comparison

53-1000605-04
How Access Gateway maps ports 1
Table 2 shows a comparison of port configurations with AG to a standard fabric switch.
TABLE 2 Port configurations

Port Type Access Gateway Fabric switch
F_Port Yes Connects hosts and targets to Yes Connects devices, such as hosts, HBAs,
Access Gateway. and storage to the fabric.
N_Port Yes Connects Access Gateway to a fabric NA N_Ports are not supported.
switch.
E_Port NA ISL is not supported.1 Yes Connects the switch to other switches to
form a fabric.
1. The switch is logically transparent to the fabric, therefore it does not participate in the SAN as a fabric switch.
How Access Gateway maps ports

Access Gateway uses mapping—that is, pre-provisioned routes—to direct traffic from the hosts to
the fabric. When you first enable a switch to AG mode, by default, the F_Ports are mapped to a set
of predefined N_Ports. For the default F_Port-to-N_Port mapping, see Table 10 on page 50. If
required, you can manually change the default mapping. Figure 3 shows a mapping with eight
F_Ports evenly mapped to four N_Ports on a switch in AG mode. The N_Ports connect to the same
fabric through different Edge switches.
Hosts Access Gateway Fabric
Edge Switch
Host_1 F_1 (Switch_A)
F_A1
N_1 NPIV
Host_2 F_2
enabled
F_A2
N_2 NPIV
Host_3 F_3 enabled
Edge Switch
(Switch_B)
Host_4 F_4
F_B1
N_3 NPIV
enabled
Host_5 F_5
F_B2
N_4 NPIV
enabled
Host_6 F_6
Host_7 F_7
Host_8 F_8
FIGURE 3 Example F_Port-to-N_Port mapping

53-1000605-04
1 Upgrade and downgrade considerations for switches in AG mode
TABLE 3 Description of F_Port-to-N_Port mapping

Access Gateway Fabric
F_Port N_Port Edge switch F_Port
F_1, F_2 N_1 Switch_A F_A1

F_3, F_4 N_2 Switch_A F_A2
F_5, F_6 N_3 Switch_B F_B1
F_7, F_8 N_4 Switch_B F_B2
Upgrade and downgrade considerations for switches in AG mode

Downgrading to Fabric OS v6.1.0 or earlier is supported; however, you must first disable the switch
from AG mode. Note the following considerations when upgrading and downgrading from Fabric OS
v6.1.1 to Fabric OS v6.1.0 and earlier:
• Downgrades to v6.0.0 or lower Fabric OS versions is not allowed if any F_Port trunk is
active.
• Trunking must be disabled before downgrading to Fabric OS v6.0.0 or lower.
• When a switch is set in AG mode, if you downgrade to v6.0.0x, all preferred Failover
settings are lost.
Considerations with policies enabled

Note the following upgrade and downgrade considerations when the Brocade policies are enabled.
Advance Device Security policy

If ADS is enabled, downgrading to v6.0 is allowed, however the ADS policy is not supported in
v6.0.0.
Automatic Port Configuration policy

If you upgrade from Fabric OS v6.0.x to Fabric OS 6.1.1, by default, the APC policy is disabled. If the
APC is enabled, you can downgrade from Fabric OS 6.1.1 to Fabric OS v6.0.0.
Port Grouping policy

If you upgrade from v6.0.0 to 6.1.1, then the PG policy is enabled with the default port group pg0
containing all the N_Ports. If the PG policy is enabled, you can downgrade from Fabric OS 6.1.1 to
Fabric OS v6.0.0.

53-1000605-04
Chapter
Enabling Policies on Switches in Access Gateway Mode 2
In this chapter
• Access Gateway policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
• Advanced Device Security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
• Automatic Port Configuration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
• Failover policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
• Failback policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
• Cold Failover policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
• Port Grouping policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
• Access Gateway policy enforcement matrix. . . . . . . . . . . . . . . . . . . . . . . . . . 20
• Access Gateway trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
• Configuration management for trunk areas . . . . . . . . . . . . . . . . . . . . . . . . . 27
• Access Gateway Cascading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Access Gateway policies

This chapter provides information and procedures for enabling policies on switches in Access
Gateway mode.
Brocade policy-based approach lets you restrict or filter traffic on standard Fabric OS switches and
switches in Access Gateway mode. You can enable the following policies on a switch in Access
Gateway mode:
• Advance Device Security policy (ADS)
• Automatic Port Configuration policy (APC)
• Port Grouping policy (PG)
Showing current policies

You can run the following command to see which policies are enabled or disabled on a switch.
1. Connect to the switch and log in as admin.
2. Enter the ag --policyshow command.
switch:admin> ag --policyshow
Policy_Description Policy_Name State
--------------------------------------------------
Port Grouping pg Enabled
Auto Port Configuration auto Disabled
Advanced Device Security ads Enabled

53-1000605-04
2 Advanced Device Security policy
Advanced Device Security policy

The Advanced Device Security (ADS) policy is supported on AG F_Ports. Fabric OS v6.1.1 extends
the DCC policy to switches in AG mode to provide an additional level of security. It does this by
extending the DCC policy to the physical F_Ports and the NPIV logins on F_Ports. As more physical
servers become virtual, virtual servers can become vulnerable and security becomes an integral
part of server IO virtualization. This security policy is a mechanism that restricts fabric connectivity
to a set of devices that you can specify or allow to log in to the fabric connected through a switch in
AG mode. By default, the ADS policy is not enabled. After you set a switch in AG mode, you can
enable the ADS policy, and then specify which devices to allow at login on a per F_Port basis.
Security enforcement can also be done in the Enterprise fabric; the DCC policy in the Enterprise
fabric takes precedence over the ADS policy. When you enable the ADS policy, it applies to all the
ports on the switch. By default, all devices have access to the fabric on all ports.
Enabling the Advanced Device Security policy

2. Enter the ag --policyenable ads command.
switch:admin> ag --policyenable ads
The policy ADS is enabled
Disabling the Advanced Device Security policy

2. Enter the ag --policydisable ads command.
switch:admin> ag --policydisable ads
The policy ADS is disabled
Setting which devices can log in if ADS policy is enabled

You can determine which devices are allowed to log in on a per F_Port basis by specifying the
device’s port WWN (PWWN). Use the ag --adsset command to determine which devices are
allowed to log in to a specified set of F_Ports. Lists must be enclosed in double quotation marks.
List members must be separated by semicolons. The maximum number of entries in the allowed
device list is twice the per port maximum log in count. Replace the WWN list with an asterisk (*) to
indicate all access on the specified F_Port list. Replace the F_Port list with an asterisk (*) to add
the specified WWNs to all the F_Ports' allow lists. A blank WWN list (““) indicates no access. The
ADS policy must be enabled for this command to succeed.
NOTE
Use an asterisk enclosed in quotation marks,“*”, to set the Allow list to “All Access” to all F_Ports;
use a pair of double quotation marks ("") to set the Allow list to “No Access”.
Note the following characteristics of the Allow List:

• The maximum device entries allowed in the Allow List is twice the per port max login count
• Each port can be configured to “not allow any device” or “to allow all the devices” to log in
• If the ADS policy is enabled, by default, every port is configured to allow all devices to log in

53-1000605-04
Advanced Device Security policy 2
• The same Allow List can be specified for more than one F_Port.
This example show how to set the list of allowed devices for ports 1, 10, and 13 to all access:
2. Enter the ag --adsset “1;10;13”“*” command.
switch:admin> ag–-adsset“1;10;13”“*”
WWN list set successfully as the Allow Lists of the F_Port[s]
Setting which devices cannot log in if ADS policy is enabled

This example show how to set the list of allowed devices for ports 11 and 12 to no access:
2. Enter the ag --adsset “11;12 ““ command.
switch:admin > ag –-adsset “11;12” “”
WWN list set successfully as the Allow Lists of the F_Port[s]
Removing devices from the list of devices allowed at login

Use the ag --adsdel command to delete the specified WWNs from the list of devices allowed to log
in to the specified F_Ports. Lists must be enclosed in double quotation marks. List members must
be separated by semicolons. Replace the F_Port list with an asterisk (*) to remove the specified
WWNs from all the F_Ports' allow lists. The ADS policy must be enabled for this command to
succeed.
For example, to remove two devices from the list of allowed devices for ports 3 and 9, use the
following syntax:
ag--adsdel "F_Port [;F_Port2;...]" "WWN [;WWN2;...]"

2. Enter the ag --adsdel “3;9 ““ "22:03:08:00:88:35:a0:12;22:00:00:e0:8b:88:01:8b"
command.
switch:admin> ag --adsdel "3;9"
"22:03:08:00:88:35:a0:12;22:00:00:e0:8b:88:01:8b"
WWNs removed successfully from Allow Lists of the F_Port[s]Viewing F_Ports
allowed to login
Adding new devices to the list of devices allowed at login

Use the adsadd command to add the specified WWNs to the list of devices allowed to log in to the
specified F_Ports. Lists must be enclosed in double quotation marks. List members must be
separated by semicolons. Replace the F_Port list with an asterisk (*) to add the specified WWNs to
all the F_Ports' allow lists. The ADS policy must be enabled for this command to succeed.
For example, to add two new devices to the list of allowed devices for ports 3 and 9, use the
following syntax:
ag--adsadd "F_Port [;F_Port2;...]" "WWN [;WWN2;...]"

53-1000605-04
2 Automatic Port Configuration policy

2. Enter the ag --adsadd "3;9" "20:03:08:00:88:35:a0:12;21:00:00:e0:8b:88:01:8b" command.
switch:admin> ag --adsadd "3;9"

"20:03:08:00:88:35:a0:12;21:00:00:e0:8b:88:01:8b"
WWNs added successfully to Allow Lists of the F_Port[s]
Displaying the list of devices on the switch

2. Enter the ag --adsshow command.
switch:admin> ag --adsshow
F_Port WWNs Allowed
--------------------------------------------------------------------------
1 ALL ACCESS
3 20:03:08:00:88:35:a0:12
21:00:00:e0:8b:88:01:8b
9 20:03:08:00:88:35:a0:12
21:00:00:e0:8b:88:01:8b
10 ALL ACCESS
11 NO ACCESS
12 NO ACCESS
13 ALL ACCESS
--------------------------------------------------------------------------
Automatic Port Configuration policy

Automatic Port Configuration (APC) is an optional AG policy and is disabled by default. When the
APC is enabled, the Access Gateway module automatically discovers the port type. For example,
when a switch in AG mode is connected to a port, AG configures the port as an N_Port. If a host is
connected to a port on Access Gateway, then AG determines that it is connected and configures the
port as an F_Port.
After all the port types are determined, dynamic mapping between F_Ports and N_Ports is created
and F_Ports are evenly distributed across all N_Ports. While the APC is enabled, you cannot
manually configure F_Port-to-N_Port mapping.
ATTENTION
Enabling the APC policy is disruptive to F_Ports and N_Ports. You must disable the module before
you enable the APC policy because when you enable the APC policy, existing F_Port-to-N_Port
mappings are deleted. Because the APC policy enforcement erases port mappings existing on the
switch, it is recommended to perform a configupload before enabling the APC policy. After you
enable the APC policy, the policy immediately takes effect; a reboot is not required. When you disable
the APC policy, the N_Port configuration and the F_Port-to-N_Port mapping revert back to the default
factory configuration for that platform.
The APC policy is mutually exclusive with the Port Grouping policy. When the APC policy is enabled
on a switch connected to multiple fabrics, no attempt is made by AG to restrict failover behavior
even if the N_Ports are connected to unrelated fabrics. Do not to use the APC policy when Access
Gateway is connected to multiple fabrics.

53-1000605-04
Automatic Port Configuration policy 2
NOTE
When in Access Gateway mode, the Automatic Port Configuration policy may not work when attached
to M-EOS switches. M-EOS ports should be set to G_Port to prevent problems with port type
discovery. Ports 16-47 on the FC8-48 blade may not be used for AG F_Port Trunking connections.
Enabling the Automatic Port Configuration policy

2. Ensure that the switch is disabled, enter the switchdisable command
3. Enter the ag --policyenable auto command to enable the APC policy.
switch:admin> ag --policyenable auto
All Port related Access Gateway configurations will be lost.
Please save the current configuration using configupload.
Do you want to continue? (yes, y, no, n): [no] y
4. Enter the configupload command to save the switch’s current configuration.

5. At the command prompt, type Y to enable the policy.
The switch is ready; a reboot is not required.
Disabling the Automatic Port Configuration policy

1. Connect and log in to the switch.
2. Enter the command ag --policydisable auto to disable the APC policy.
3. At the command prompt, type Y to disable the policy.
switch:admin> ag --policydisable auto
Default factory settings will be restored.
Default mappings will come into effect.
Please save the current configuration using configupload.
Do you want to continue? (yes, y, no, n): [no] y
Access Gateway configuration has been restored to factory default
4. Enter the switchenable command to enable the switch.
Rebalancing F_Ports with APC policy enabled

When the APC policy is enabled, there are no static mappings between F_Ports and N_Ports and no
F_Ports are tied to a specific N_Port. When an F_Port comes online after the initial mapping is
done, the F_Ports are automatically routed through one of the available N_Ports such that the
F_Ports are evenly balanced across all the available N_Ports. Similarly, if a new N_Port comes
online after the initial F_Port initialization, some of the F_Ports being routed through existing
N_Ports will fail over to the new N_Port, if rebalancing is needed.
NOTE
Because of the disruption caused by the redistribution of F_Ports, it is recommended to add new
N_Ports to the module. For more information on adding N_Ports, see “Adding an N_Port to a port
group” on page 19.

53-1000605-04
2 Failover policy
Failover policy
Access Gateway Failover and Failback policies ensure maximum uptime for the servers. When a
port is configured as an N_Port and if by default, the Failover policy is enabled, F_Ports are not
disabled if its N_Port goes off line. If you specify a Preferred Secondary N_Port for any of the
F_Ports, and if the N_Port goes offline, the F_Ports will fail over to the Preferred Secondary N_Port,
and then re-enable. The specified Preferred Secondary N_Port must be online; otherwise, the
F_Ports will become disabled.
Alternatively, if a Preferred Secondary N_Port is not set for any of F_Ports, the F_Ports will fail over
to other online N_Ports belonging to the same N_Port group, and then re-enable. The FLOGI and
FDISC requests are forwarded from F_Ports through the new N_Port. If multiple N_Ports are
available as candidates for failover, Access Gateway selects one or more N_Ports so that the
F_Ports are evenly balanced across all the N_Ports.
NOTE
Failover of F_Ports to new a N_Port generates a RASLOG message.
The Failover policy allows hosts to automatically remap to an online N_Port if the primary N_Port
goes offline. The Failover policy is enabled (or enforced) during power-up. The Failover policy evenly
distributes the F_Ports that are mapped to an offline N_Port among all the online N_Ports. The
Failover policy is a parameter of each N_Port. By default, the Failover policy is enabled for all
N_Ports.
The following sequence describes how a failover event occurs:
• An N_Port goes offline.
• All F_Ports mapped to that N_Port are disabled.
• If the N_Port Failover policy is enabled, and a Preferred Secondary N_Port is specified for the
F_Port and that N_Port is online, the F_Port fails over to the respective Preferred Secondary
N_Port, and then re-enables.
NOTE
The Preferred Secondary N_Port is defined per F_Port. For example, if two F_Ports are mapped
to a primary N_Port1, you can define a secondary N_Port for one of those F_Ports and not
define a secondary N_Port for the other F_Port. Typically, this is done by the server
administrator. You must determine whether you want to define a preferred secondary map for
each of the servers or just a subset of the servers.
• If the Preferred Secondary N_Port is not online, those F_Ports are disabled.
• If the Preferred Secondary N_Port is not set for any of the F_Ports, those F_Ports will fail over
to other available N_Ports belonging to the same N_Port group, and then re-enable.
• The host establishes a new connection with the fabric.
Example: Failover Policy
This example shows the failover behavior in a scenario where two fabric ports go offline, one after
the other. Note that this example assumes that no Preferred Secondary N_Port is set for any of the
F_Ports.
• First the Edge switch F_A1 port goes offline, as shown in Figure 4 on page 13 Example 1 (left),
causing the corresponding Access Gateway N_1 port to be disabled.
The ports mapped to N_1 fail over; F_1 fails over to N_2 and F_2 fails over to N_3.

53-1000605-04
Failover policy 2
• Next the F_A2 port goes offline, as shown in Figure 4 on page 13 Example 2 (right), causing
the corresponding Access Gateway N_2 port to be disabled.
The ports mapped to N_2 (F_1, F_3, and F_4) fail over to N_3 and N_4. Note that the F_Ports
are evenly distributed to the remaining online N_Ports and that the F_2 port did not participate
in the failover event.
Example 1 Example 2
Hosts Access Gateway Hosts Access Gateway
Host_1 F_1 Fabric Host_1 F_1 Fabric

Edge Switch Edge Switch
(Switch_A) (Switch_A)
Host_2 F_2 Host_2 F_2
F_A1 F_A1
N_1 NPIV N_1 NPIV
enabled enabled
F_A2 F_A2
N_2 NPIV N_2 NPIV
enabled enabled
Edge Switch Edge Switch
(Switch_B) (Switch_B)
Host_5 F_5 F_B1 Host_5 F_5 F_B1
N_3 NPIV N_3 NPIV
enabled enabled
Host_6 F_6 F_B2 Host_6 F_6 F_B2

N_4 NPIV N_4 NPIV
enabled enabled
Legend
Physical connection
Mapped online
Failover route online
Original mapped route
(offline)
FIGURE 4 Example 1 and 2 Failover policy behavior
Enabling the Failover policy

2. Enter the ag command with the --failovershow <n_portnumber> operand to display the
failover setting.
switch:admin> ag --failovershow 13
Failover on N_Port 13 is not supported
3. Enter the ag command with the --failoverenable <n_portnumber> operand to enable failover.
switch:admin> ag --failoverenable 13
Failover policy is enabled for port 13

53-1000605-04
2 Failback policy
Enabling the Failover policy

failover setting.
Failover on N_Port 13 is not supported
3. Enter the ag command with the --failoverenable <n_portnumber> operand to enable failover.
switch:admin> ag --failoverenable 13
Failover policy is enabled for port 13
Disabling the Failover policy

failover setting.
Failover on N_Port 13 is supported
3. Enter the ag --failoverdisable <n_portnumber> operand to disable failover.

switch:admin> ag --failoverdisable 13
Failover policy is disabled for port 13
Failback policy
The Failback policy automatically reroutes the F_Ports back to the primary mapped N_Ports as
those N_Ports come back online, if the Failback policy is enabled for the N_Port.
Only the originally mapped F_Ports fail back. In the case of multiple N_Port failures, only F_Ports
that were mapped to the recovered N_Port experience failback. The remaining F_Ports are not
redistributed among the online N_Ports during the failback. If the APC policy is enabled, by default,
the failback policy is disabled.
NOTE
The Failback policy is an N_Port parameter. By default, the Failback policy is enabled.
The following sequence describes how a failback event occurs:

• When an N_Port comes back online, with the Failback policy enabled, the F_Ports that were
originally mapped to it are disabled.
• The F_Port is rerouted to the primary mapped N_Port, and then re-enabled.
• The host establishes a new connection with the fabric.
Example: Failback Policy
In Example 3, described in Figure 5 on page 15, the Access Gateway N_1 remains disabled
because the corresponding F_A1 port is offline. However, N_2 comes back online. See Figure 4 on
page 13 for the original fail over scenario.

53-1000605-04
Failback policy 2
The ports F_1 and F_2 are mapped to N_1 and continue routing to N_3. Ports F_3 and F_4, which
were originally mapped to N_2, are disabled and rerouted to N_2, and then enabled.
Example 3
Hosts Access Gateway Fabric
Edge Switch
Host_1 F_1 (Switch_A)
F_A1
N_1 NPIV
Host_2 enabled
F_2
F_A2
N_2 NPIV
Host_3 F_3 enabled
Edge Switch
(Switch_B)
Host_4 F_4
F_B1
N_3 NPIV
enabled
Host_5 F_5
F_B2
N_4 NPIV
enabled
Host_6 F_6
Host_7 F_7
Legend
Physical connection
Mapped online
Failover route online
Host_8 F_8 Original mapped route
(offline)
FIGURE 5 Failback policy behavior
Enabling the Failback policy

2. Enter the ag --failbackshow command with the n_portnumber operand to display the failover
setting.
switch:admin> ag --failbackshow 13
Failback on N_Port 13 is not supported
3. Enter the ag --failbackenable command with the n_portnumber operand to enable failover.
switch:admin> ag --failbackenable 13
Failback policy is enabled for port 13
Disabling the Failback policy

2. Enter the ag --failbackshow command with the n_portnumber operand to display the failback
setting.
switch:admin> ag --failbackshow 13
Failback on N_Port 13 is supported

53-1000605-04
2 Cold Failover policy
3. Enter the ag --failbackdisable command with the n_portnumber operand to disable failover.
switch:admin> ag --failbackdisable 13
Failback policy is disabled for port 13
Cold Failover policy

All F_Ports for an N_Port that goes offline are failed over to other N_Ports. However, if the N_Port
fails to come online after the switch comes online, it triggers cold failover of its F_Ports. If any of
these F_Ports have a Preferred Secondary N_Port set, and if the Preferred Secondary N_Port is
online, those F_Ports fail over to the Preferred Secondary N_Port during cold failover. If the
Preferred Secondary N_Port is not online, those F_Ports are disabled. If the Preferred Secondary
N_Port is not set for any of these F_Ports, these F_Ports failover to any N_Ports on the switch so
that the F_Ports are evenly balanced across all the N_Ports belonging to the same N_Port group.
Port Grouping policy

When connecting a switch in AG mode to multiple fabrics or isolating a subset of servers from other
servers, you can group a number of servers and its corresponding fabric ports. You can do this by
enabling the Port Grouping policy (PG), which can only be performed on N_Ports. Port groups
cannot be overlapped. This means that an N_Port cannot belong to two different groups.
The Failover and Failback policies remain the same within each port group and the Preferred
Secondary N_Port can only specify the N_Ports from the same port group. This is why it is
recommended to form groups before defining the preferred secondary path. This behavior is only in
Fabric OS v6.0.0. When upgrading from Fabric OS v6.0.0 to Fabric OS v6.1.1, the PG policy that was
enforced in Fabric OS v6.0.0 continues to be enforced in Fabric OS v6.1.1 and the port groups are
retained.
For example, Figure 8 on page 18 shows an example of pg0. If N_Port1 and 2 are in pg0 and
F_Ports 1 and 2 are using N_Port1 and N_Port1 goes offline, then F_Ports1 and 2 are routed
through N_Port2 because N_Port2 is in the same port group, pg0.
Figure 6 shows that if you create port groups and when an N_Port goes offline, the F_Ports being
routed through that port will fail over to any of the N_Ports that are part of that port group and are
currently active. For example, if N_Port4 goes offline then F_Ports7 and 8 are routed through to
N_Port 3 as long as N_Port 3 is online because both N_Ports3 and 4 belong to the same port
group, PG2. If no active N_Ports are available, the F_Ports are disabled. The F_Ports belonging to a
port group do not failover to N_Ports belonging to another port group.

53-1000605-04
Port Grouping policy 2
FIGURE 6 Port grouping behavior
When a dual redundant fabric configuration is used, F_Ports connected to a switch in AG mode can
access the same target devices from both of the fabrics. In this case, you must group the N_Ports
connected to the redundant fabric into a single port group. It is recommended to have paths fail
over to the redundant fabric when the primary fabric goes down.
FIGURE 7 Port Group 1 (pg1) setup
ATTENTION
If N_Ports are connected to unrelated fabrics are grouped together, N_Port failover within a port
group can cause the F_Ports to connect to a different fabric and the F_Ports may lose connectivity
to the targets they were connected to before the failover, thus causing I/O disruption as shown in
Figure 7.

53-1000605-04
2 Port Grouping policy
FIGURE 8 Port Group Zero (pg0) setup
You can create new port groups and add N_Ports to those groups. However, all N_Ports that are not
part of any user-created port group are part of the default port group pg0.
Because port groups cannot be overlapped, if you specify an N_Port as a Preferred Secondary
N_Port and it already belongs to another port group, the Port Group creation fails.
NOTE
If the PG policy is disabled while a switch in AG mode is online, all the user-defined port groups are
deleted, but the F_Port-to-N_Port mapping remain unchanged.
Creating a port group

2. Enter the command ag --pgcreate with the <PG_ID> “<N_Port1;N_Port2;…> [-n <PG_Name>]
operands. For example, to create a port group “FirstFabric” that includes N_Ports 1 and 3:
switch:admin> ag --pgcreate 3 "1;3" -n FirstFabric1
Port Group 3 created successfully
3. Enter the command ag --pgshow to verify the port group was created.
switch:admin> ag --pgshow
Port Group ID Port Group Name
------------------------------------
0 None pg0
2 0;2 SecondFabric
3 1;3 FirstFabric
------------------------------------

53-1000605-04
Port Grouping policy 2
Adding an N_Port to a port group

2. Enter the command ag --pgadd with the <PG_ID> “<N_Port1;N_Port2;…> operands.
If you add more than one N_Port you must separate them with a semicolon.
switch:admin> ag --pgadd 3 14
N_Port[s] are added to the port group 3
3. Enter the command ag --pgshow to verify the N_Port was added to the specified port group.
PG_ID N_Ports PG_Name
-----------------------------------------------------------------------------
0 15 pg0
3 12;13;14 Test
-----------------------------------------------------------------------------
Deleting an N_Port from a port group

2. Enter the command ag --pgdel with the <PG_ID> <N_Port1;N_Port2;…> operands.
switch:admin> ag --pgdel 3 13
N_Port[s] are added to the port group 3
3. Enter the command ag --pgshow to verify the N_Port was deleted from the specified port
group.
-----------------------------------------------------------------------------
0 13;15 pg0
3 12;14 Test
-----------------------------------------------------------------------------
Removing a port group

2. Enter the command ag --pgremove with the <PG_ID> operands.
switch:admin> ag --pgremove 3
Port Group 3 has been removed successfully
3. Enter the command ag --pgshow to verify the port group has been deleted.
-----------------------------------------------------------------------------
0 12;13;14;15 pg0
-----------------------------------------------------------------------------

53-1000605-04
2 Access Gateway policy enforcement matrix
Renaming a port group

2. Enter the command ag --pgrename with the <PG_ID> <newname> operands, for example, to
rename port group with pgid 2 to "MyEvenFabric":
switch:admin> ag --pgrename 2 MyEvenFabric
Port Group 2 has been renamed as MyEvenFabric successfully
3. Enter the command ag --pgshow to verify the port group has been renamed.
--------------------------------------
0 None pg0
2 0;2 MyEvenFabric
3 1;3 FirstFabric
Disabling the Port Group policy

2. Enter the command ag --policydisable with the pg operand.
switch:admin> ag --policydisable pg
3. Enter the command ag --pgshow to verify the Port Group policy is disabled.
switch:admin> ag --policyshow
AG Policy Policy Name State
----------------------------------------------------------
Port Grouping pg Disabled
Auto Port Configuration auto Disabled
Advance Device Security ADS Disabled
----------------------------------------------------------
Access Gateway policy enforcement matrix

The following table shows which combinations of policies can co-exist with each other.
TABLE 4 Policy enforcement matrix
Policies Auto Port Configuration Port Grouping N_Port Trunking ADS Policy
Auto Port Configuration NA Mutually exclusive Can co-exist Can co-exist
N_Port Grouping Mutually exclusive N/A Can co-exist Can co-exist
N_Port Trunking Can co-exist Can coexist N/A Can co-exist
ADS Policy Can co-exist Can co-exist Can co-exist N/A

53-1000605-04
Access Gateway trunking 2
Access Gateway trunking

On switches running in Access Gateway mode, the masterless trunking feature trunks N_Ports
because these are the only ports that connect to the Enterprise fabric. After you map or assign
F_Ports to an N_Port, the N_Port distributes frames across a set of available path links on the
module because these are the only ports that connect the Enterprise fabric to an adjacent Edge
switch. To use Access Gateway masterless trunking, all trunking must be configured on the Edge
switch. No configuration on the AG module is necessary. Following are the advantages of Access
Gateway trunking:
• When one or more N_Ports in a trunk group goes offline, there is no change in the PID for the
F_Port(s) that were mapped to the N_Port(s) as long as at least one N_Port in the trunk group
is active. This provides for a transparent failover and failback within the trunk group.
• Trunked links are more efficient because of the trunking algorithm implemented in the
switching ASICs that distributes the I/O more evenly across all the links in the trunk group.
• Trunk groups cannot span across multiple N_Port groups within an AG module in AG mode.
• Multiple trunk groups are allowed within the same N_Port group.
NOTE
On the Edge switch, this feature is called F_Port trunking or masterless F_Port trunking. Because
the entire configuration for AG Trunking is done on the Edge switch, the information here is
applicable to the Edge switch module and not the AG module. The only requirements on the AG
module is to ensure that the ISL Trunking license is installed.
Because you must configure the trunking on the Edge switch, F_Port trunking, provides a Trunk
group between N_Ports on the AG module and F_Ports on the Edge switch module. This feature
keeps AG’s F_Port(s) from becoming disabled in the case where an N_Port within the trunk group
fails. No failover occurs as long as there is at least one active link in the trunk group. With trunking,
any link within a trunk can go off line or become disabled, but the trunk remains fully functional
and no re-configuration is required.
Trunking prevents reassignments of the Port ID (also referred to as the Address Identifier as
described in Table 6 on page 24) when N_Ports go offline.
You must install the Brocade ISL license on both the Edge switch and the module running in AG
mode and you must ensure that both modules running Fabric OS v6.1.0 or later.
All ports within a trunk group must be part of the same port group; ports outside of a port group
cannot form a trunk group. For more information on Port Groups, see “Port Grouping policy” on
page 16.
NOTE
If a switch already has an ISL Trunking license, no new licenses is required to use it on AG N_Port
masterless trunking; Also, after a trunking license is installed on a switch in AG mode and you
change the switch to standard mode, you can keep the same license. Access Gateway does not work
on M-EOS or third party switches.
To implement F_Port masterless trunking on the Edge switch, you must first configure an F_Port
Trunk group and statically assign an Area_ID within the trunk group. Assigning a Trunk Area (TA) to a
port or trunk group enables F_Port masterless trunking on that port or trunk group. When a TA is
assigned to a port or trunk group, the ports will immediately acquire the TA as the area of its
process IDs (PID). And when a TA is removed from a port or trunk group, the ports reverts to the
default area as its PID.

53-1000605-04
2 Access Gateway trunking
Access Gateway trunking considerations for the Edge switch

TABLE 5 Access Gateway trunking considerations for the Edge switch
Category Description
Area assignment You statically assign the area within the trunk group on the Edge
switch. That group is the F_Port masterless trunk.
The static trunk area you assign must fall within the F_Port trunk
group starting from port 0 on a Edge switch or blade.
The static trunk area you assign must be one of the port’s default
areas of the trunk group.
Authentication Authentication occurs only on the F_Port trunk master port and
only once per the entire trunk. This behavior is same as E_Port
trunk master authentication. Because only one port in the trunk
does FLOGI to the switch, and authentication follows FLOGI on
that port, only that port displays the authentication details when
you issue the portshow command.
Note: Switches in Access Gateway mode do not perform

authentication.
Management Server Registered Node ID (RNID), Link Incident Record Registration
(LIRR), and (QSA) Query Security Attributes ELSs are not
supported on F_Port trunks.
Trunk area The port must be disabled before assigning a Trunk Area on the
Edge switch to the port or removing a Trunk Area from a trunk
group.
You cannot assign a Trunk Area to ports if the standby CP is

running a firmware version earlier than Fabric OS v6.1.1.
PWWN The entire Trunk Area trunk group share the same Port WWN
within the trunk group. The PWWN is the same across the F_Port
trunk that will have 0x2f or 0x25 as the first byte of the PWWN.
The TA is part of the PWWN in the format listed in Table 6 on
page 24.
Downgrade You can have trunking on, but you must disable the trunk ports
before performing a firmware downgrade.
Note: Removing a Trunk Area on ports running traffic is disruptive.

Use caution before assigning a Trunk Area if you need to
downgrade to a firmware earlier than Fabric OS v6.1.0.
Upgrade No limitations on upgrade to Fabric Os v6.1.0 if the F_Port is
present on switch. Upgrading is not disruptive.
HA Sync If you plug in a standby-CP with a firmware version earlier than
Fabric OS v6.1.0 and a Trunk Area is present on the switch, the CP
blades will become out of sync.
Port Types Only F_Port trunk ports are allowed on a Trunk Area port for Fabric
OS v6.1.0. All other port types that include F/FL/E/EX are
persistently disabled in Fabric OS v6.1.0.
Default Area Port X is a port that has its Default Area the same as its Trunk
Area. The only time you can remove port X from the trunk group is
if the entire trunk group has the Trunk Area disabled.

53-1000605-04

portCfgTrunkPort <port>, 0 portCfgTrunkPort <port>, 0 will fail if a Trunk Area is enabled on a

port. The port must be Trunk Area disabled first.
switchCfgTrunk 0 switchCfgTrunk 0 will fail if a port has TA enabled. All ports on a
switch must be TA disabled first.
Port Swap When you assign a Trunk Area to a trunk group, the Trunk Area
cannot be port swapped; if a port is swapped, then you cannot
assign a Trunk Area to that port.
Trunk Master No more than one trunk master in a trunk group. The second
trunk master will be persistently disabled with reason "Area has
been acquired”.
Fast Write When you assign a Trunk Area to a trunk group, the trunk group
cannot have fast write enabled on those ports; if a port is fast
write enabled, the port cannot be assigned a Trunk Area.
FICON FICON is not supported on F_port trunk ports. However, FICON
can still run on ports that are not F_Port trunked within the same
switch.
FC8-48 and FC4-48C blades F_Port masterless trunking is supported on ports 16-43 on the
FC8-48 blade. On the FC8-48 and FC4-48C blades F_Port
trunking supported only on ports 0 - 15.
FC4-32 blade If an FC4-32 (Electron) blade has the Trunk Area enabled on ports
16 - 31 and the blade is swapped with an FC4-48C and FC8-48
blade, the Trunk Area ports will be persistently disabled. You can
run the porttrunkarea command to assign a Trunk Area on those
ports.
Trunking You must first enable Trunking on the port before the port can
have a Trunk Area assigned to it.
PID format F_Port masterless trunking is only supported in CORE PID format.
Long Distance Long distance is not allowed on F_Port trunks, which means a
Trunk Area is not allowed on long distance ports; you cannot
enable long distance on ports that have a Trunk Area assigned to
them.
Port mirroring Port mirroring is not supported on Trunk Area ports or on the PID
of an F_Port trunk port.
configdownload If you issue the configdownload command for a port configuration
that is not compatible with F_Port trunking, and the port is Trunk
Area enabled, then the port will be persistently disabled.
Note: Configurations that are not compatible with F_Port trunking

are long distance, port mirroring, non-CORE_PID, and Fastwrite.
ICL Port F_Port trunks are not allowed on ICL Ports. The porttrunkarea
command does not allow it.
AD You cannot create a Trunk Area on ports with different Admin
Domains. You cannot create a Trunk Area in AD255.

53-1000605-04

DCC Policy DCC policy enforcement for the F_Port trunk is based on the Trunk
Area; the FDISC requests to a trunk port is accepted only if the
WWN of the attached device is part of the DCC policy against the
TA. The PWWN of the FLOGI sent from the AG will be dynamic for
the F_Port trunk master. Because you do not know ahead of time
what PWWN AG will use, the PWWN of the FLOGI will not go
through DCC policy check on an F_Port trunk master. However, the
PWWN of the FDISC will continue to go through DCC policy check.
D.I. Zoning Creating a Trunk Area may remove the Index ("I") from the switch
(D,I) AD to be grouped to the Trunk Area. All ports in a Trunk Area share
(D, I) DCC and (PWWN, I) DCC the same "I". This means that Domain,Index (D,I), which refer to
an "I", that might have been removed, will no longer be part of the
switch.
Note: Ensure to include AD, zoning and DCC when creating a

Trunk Area.
You can remove the port from the Trunk Area to have the "I" back
into effect. D,I will behave as normal, but you may see the effects
of grouping ports into a single "I".
Also, D,I continues to work for Trunk Area groups. The "I" can be
used in D,I if the "I" was the "I" for the Trunk Area group.
Note: “I” refers to Index and D,I refers to Domain,Index.

Two masters Two masters is not supported in the same F_Port trunk group.
QoS Not currently supported.
The following table describes the PWWN format for F_Port and N_Port trunk ports.
TABLE 6 PWWN format for F_Port and N_Port trunk ports
NAA = 2 2f:xx:nn:nn:nn:nn:nn:nn Port WWNs for: The valid range of xx is [0 - FF],
(1) switch’s FX_Ports. for maximum of 256.
NAA = 2 25:xx:nn:nn:nn:nn:nn:nn Port WWNs for: The valid range of xx is [0 - FF],

(1) switch's FX_Ports for maximum of 256.
Trunk group creation

Port trunking is enabled between two separate Fabric OS switches that support trunking and where
all the ports on each switch reside in the same quad and are running the same speed. Trunk
groups form when you connect two or more cables on one Fabric OS switch to another Fabric OS
switch with ports in the same port group or quad. A port group or a quad is a set of sequential
ports, for example ports 0-3. The Brocade 300 switch supports a trunk group with up to eight ports.
The trunking groups are based on the user port number, with contiguous eight ports as one group,
such as 0 – 7, 8- 15, 16-23 and up to the number of ports on the switch.

53-1000605-04
Setting up F_Port trunking

F_Port trunking is enabled between two separate Fabric OS switches that support trunking and
where all the ports on each switch reside in the same quad and are running the same speed. Trunk
groups form when you connect two or more cables on one Fabric OS switch to another Fabric OS
switch with ports in the same port group or quad. A port group or a quad is a set of sequential
ports, for example ports 0-3 in the figure shown below. The Brocade 300 platform supports a trunk
group with up to eight ports. The trunking groups are based on the user port number, with
contiguous eight ports as one group, such as 0 – 7, 8- 15, 16-23 and up to the number of ports on
the switch.
2. Ensure that both modules (Edge switch and the switch running in AG mode) have the trunking
licenses enabled.
3. Ensure that the ports have trunking enabled by issuing the portcfgshow command. If Trunking
is not enabled, issue the portcfgtrunkport <port>, 1 command.
4. Ensure that ports will become the same speed within the trunk.
5. Ensure that Edge switch F_Port trunk ports are connected within the asic supported trunk
group on AG switch.
6. Ensure that both modules are running the same Fabric OS versions.
7. Configure the trunk on the Edge switch by assigning the Trunk Area (TA) using the “Assigning a
Trunk Area” procedure.
8. Enable F_Port trunking.
Assigning a Trunk Area

You must enable trunking on all ports to be included in a Trunk Area before you can create a Trunk
Area. Use the portCfgTrunkPort or switchCfgTrunk command to enable trunking on a port or on all
ports of a switch.
Issue the porttrunkarea command to assign a static TA on a port or port trunk group, to remove a
TA from a port or group of ports in a trunk, and to display masterless trunking information.
You can remove specified ports from a TA using the porttrunkarea --disable command; however
this command does not unassign a TA if its previously assigned Area_ID is the same address
identifier (Area_ID) of the TA unless all the ports in the trunk group are specified to be unassigned.
For more information on the porttrunkarea command, enter help porttrunkarea or see the Fabric
OS Command Reference. F_Port trunking will not support shared area ports 16 - 47 on the Brocade
FC8-48 and FC4-48C blades.

53-1000605-04
The following table shows an example of the Address Identifier.

TABLE 7 Address identifier
23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Domain ID Area_ID Port ID

Address Identifier

2. Disable the ports to be included in the TA.
3. Enable TA for ports 13 and 14 on slot 10 with port index of 125:
switch:admin> porttrunkarea --enable 10/13-14 -index 125
Trunk index 125 enabled for ports 10/13 and 10/14
4. Show the TA port configuration (ports still disabled):

switch:admin> porttrunkarea --show enabled
Slot Port Type State Master TI DI
-------------------------------------------
10 13 -- -- -- 125 125
10 14 -- -- -- 125 126
-------------------------------------------
5. Enable ports 13 and 14:

switch:admin> portenable 10/13
switch:admin> portenable 10/14
6. Show the TA port configuration after enabling the ports:

Slot Port Type State Master TI DI
-------------------------------------------
10 13 F-port Master 10/13 125 125
10 14 F-port Slave 10/13 125 126
Enabling the DCC policy on trunk

1. After you assign a Trunk Area, the porttrunkarea CLI checks whether there are any active DCC
policies on the port with the index TA, and then issues a warning to add all the device WWNs to
the existing DCC policy with index as TA.
All DCC policies that refer to an Index that no longer exist will not be in effect.
2. Add the WWN of all the devices to the DCC policy against the TA.
3. Issue the secpolicyactivate command to activate the DCC policy.
You must enable the TA before issuing the secpolicyactivate command in order for security to
enforce the DCC policy on the trunk ports.
4. Turn on the trunk ports.
Trunk ports should be turned on after issuing the secpolicyactivate command to prevent the
ports from becoming disabled in the case where there is a DCC security policy violation.

53-1000605-04
Configuration management for trunk areas 2
Configuration management for trunk areas

Ports from different ADs are not allowed to join the same Trunk Area group. The porttrunkarea
command prevents the different AD's from joining the TA group.
When you assign a TA, the ports within the TA group will have the same Index. The Index that was
assigned to the ports is no longer part of the switch. Any Domain,Index (D,I) AD that was assumed
to be part of the domain may no longer exist for that domain because it was removed from the
switch.
Example: How Trunk Area assignment affects the port Domain,Index
If you have AD1: 3,7; 3,8; 4,13; 4,14 and AD2: 3,9; 3,10, and then create a TA with Index 8 with
ports that have index 7, 8, 9, and 10. Then index 7, 9, and 10 are no longer with domain 3. This
means that AD2 does not have access to any ports because index 9 and 10 no longer exist on
domain 3. This also means that AD1 no longer has 3,7in effect because Index 7 no longer exists for
domain 3. AD1's 3,8, which is the TA group, can still be seen by AD1 along with 4,13 and 4,14.
A port within a TA can be removed, but this adds the Index back to the switch. For example, the
same AD1 and AD2 with TA 8 holds true. If you remove port 7 from the TA, it adds Index 7 back to
the switch. That means AD1's 3,7 can be seen by AD1 along with 3,8; 4,13 and 4,14.
Enabling Access Gateway trunking

1. Disable ports 36 - 39 by executing portdisable port for each port to be included in the TA.
2. Enable Trunk Area for ports 36 - 39 with area number 37:
switch:admin> porttrunkarea --enable 36-39 -index 37
Trunk area 37 enabled for ports 36, 37, 38 and 39.
3. Re-enable ports 36-39 by executing portenable port for each port in the TA.
4. Show switch/port information:
switch:admin> switchshow
switchName: SPIRIT_B4_01
switchType: 66.1
switchState: Online
switchMode: Native
switchRole: Principal
switchDomain: 2
switchId: fffc02
switchWwn: 10:00:00:05:1e:41:22:80
zoning: OFF
switchBeacon: OFF
FC Router: ON
FC Router BB Fabric ID: 100
Area Port Media Speed State Proto
=====================================
0 0 -- N8 No_Module
1 1 -- N8 No_Module
2 2 -- N8 No_Module
3 3 -- N8 No_Module
4 4 -- N8 No_Module
5 5 -- N8 No_Module

53-1000605-04
2 Configuration management for trunk areas
6 6 -- N8 No_Module
7 7 -- N8 No_Module
8 8 id N4 Online F-Port 10:00:00:00:00:01:00:00
9 9 -- N8 No_Module
10 10 -- N8 No_Module
32 32 id N4 No_Light
36 36 id N4 Online F-Port 20:14:00:05:1e:41:4b:4d
39 39 id N4 Online F-Port 2 NPIV public
5. Display TA enabled port configuration:

Port Type State Master TA DA

-------------------------------------
36 -- -- -- 37 36
37 -- -- -- 37 37
38 -- -- -- 37 38
39 -- -- -- 37 39
Disabling F_Port trunking

2. Enter the porttrunkarea --disable command.
switch:admin> porttrunkarea --disable 36-39
ERROR: port 36 has to be disabled
Disable each port prior to removing ports from the TA. Then reissue the command:
switch:admin> porttrunkarea --disable 36-39
Trunk area 37 disabled for ports 36, 37, 38 and 39.

53-1000605-04
Access Gateway Cascading 2
F_Port Trunking monitoring

For F_Port masterless trunking, you must install Filter, EE or TT monitors on the F_Port trunk port.
Whenever the master port changes, it is required to move the monitor to the new master port. For
example, if a master port goes down, a new master is selected from the remaining slave ports. APM
must delete the monitor from the old master and install the monitor on new master port. If you
attempt to add a monitor to a slave port, it is automatically added to the master port.
Access Gateway Cascading

Access Gateway cascading is when you connect two Access Gateway (AG) switches linking one end
as an N_Port and the other end as an F_Port. The AG switch that is directly connected to the fabric
is referred to as the Core AG. The AG switch that is connected to the device is referred to as the
Edge AG. The following figure describes Access Gateway cascading.
FIGURE 9 Access Gateway cascading
Ports are connected between the two AG switches, which are connected to each other. AG
cascading connections between devices increase the network use because cascading provides
higher over-subscription while allowing you to consolidate the number of ports going to the main
fabric. There is no license requirement to use this feature.
Configuration considerations when cascading Access Gateway modules/switches:
• You must enable the Port Grouping (PG) policy on both the Edge and Core AG switches.
• Only one level of cascading is supported. Note that several Edge AGs can connect into a single
Core AG to support higher consolidation ratios.
• AG Trunking between the Edge and Core AG switches is not supported.
• It is recommended to enable the Advanced Security Policy (ADS) on the AG F_Ports that are
directly connected to the servers.
• APC policy is not supported when cascading.
• Loopbacks (Core AG N_port to Edge AG F_Port) are not allowed.

53-1000605-04
2 Access Gateway Cascading

53-1000605-04
Chapter
Connecting Devices Using Access Gateway 3
In this chapter
• Connectivity of multiple devices overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
• Configuring the fabric and Edge switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
• Connectivity to Cisco Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
• Access Gateway mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
• Re-joining switches to a fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Connectivity of multiple devices overview

This chapter describes how to connect multiple devices to a switch in Access Gateway (AG) mode,
discusses Edge switch compatibility, port requirements, NPIV HBA, and interoperability. Access
Gateway supports Direct Target Attach, which allows you to directly attach a target device to a
switch in AG mode if the AG switch is connected to an external fabric. AG does not support daisy
chaining when two AG devices are connected to each other. Switches in AG mode can connect to
other types of fabrics on Edge switches with the following firmware versions:
• M-EOSc v9.6.2 or later and M-EOSn v9.6
• Cisco v3.0(1) or later, v3.1(1) or later, and v3.2 (1) or later.
• Only FCP initiator ports can be connected to a switch in AG mode as F_Ports. FCP target ports
are supported if a switch in AG mode is connected to an external switch. Loop devices and
FICON channels/control unit connectivity are not supported.
• When a switch is in AG mode, it can be connected to NPIV-enabled HBAs, or F_Ports that are
NPIV-aware. Access Gateway supports NPIV industry standards per FC-LS-2 v1.4.
Configuring the fabric and Edge switch

To connect hosts to the fabric using Access Gateway, configure the fabric using the following
parameters. These parameters apply to Fabric OS, M- EOS, and Cisco-based fabrics:
• Install and configure the switch as described in the switch’s Hardware Reference Manual
before performing these procedures.
• Verify that the interop mode parameter is set to 0, Brocade Native mode, or the switch mode is
in Native mode.
• Configure the F_Ports on the Edge switch to which Access Gateway is connected as follows:
• Enable NPIV.
• Disable long distance mode.

53-1000605-04
3 Configuring the fabric and Edge switch
• Allow multiple logins. The recommended fabric login setting is the maximum allowed per
port and per switch.
• Use only WWN zoning throughout the fabric. Access Gateway does not support domain ID and
other types of zoning schemes.
• Include the Access Gateway WWN or the port WWN of the N_Ports, also include the HBA WWNs
that will be connected to AG F_Ports to the ACL list in ACL policies.
• Allow inband queries for forwarded fabric management requests from the hosts. Add the
Access Gateway switch WWN to the access list if inband queries are restricted.
NOTE
Before connecting Access Gateway to a Fabric OS fabric, disable the Fabric OS Management Server
Platform Service.
Verifying the switch mode

2. Enter the switchShow command to display the current switch configuration.
The following example shows a switch in the Fabric OS Native mode where switchMode
displays as Native.
switchName: switch
switchType: 43.2
switchState: Online
switchMode: Native
switchRole: Principal
switchDomain: 1
switchId: fffc01
switchWwn: 10:00:00:05:1e:03:4b:e7
zoning: OFF
switchBeacon: OFF

=====================================
0 0 -- N4 No_Module
1 1 cu N4 Online F-Port 50:06:0b:00:00:3c:b7:32
2 2 cu N4 Online F-Port 10:00:00:00:c9:35:43:f5
3 3 cu AN No_Sync
4 4 cu AN No_Sync Disabled (Persistent)
5 5 cu N4 Online F-Port 50:06:0b:00:00:3c:b4:3e
6 6 cu N4 Online F-Port 10:00:00:00:c9:35:43:f3
8 8 cu AN No_Sync

53-1000605-04
Connectivity to Cisco Fabrics 3
21 21 id N4 Online E-Port segmented,(zone conflict)(Trunk
master)
22 22 id N4 Online E-Port (Trunk port, master is Port 21 )
23 23 id N4 Online E-Port (Trunk port, master is Port 21 )
See Table 9 on page 39 for a description of the port state.

If the switch is in Native mode, you can enable AG mode; otherwise, set the switch to Native mode,
and then reboot the switch.
Setting the Fabric OS switch to Native Mode

2. Enter the switchDisable command to disable the switch.
switch:admin> switchdisable
3. Save the switch configuration using the configUpload command.

a. Verify that the FTP service is running on the host computer.
b. Enter the configUpload command.
The command becomes interactive and you are prompted for the required information.
4. Enter the configure command and verify that interop mode is set to 0.
Enabling NPIV on the M-EOS switch

1. Connect to the switch and log in as admin on the M-EOS switch.
2. Enable the MS services by entering the following command:
config OpenSysMs setState
3. Enable NPIV functionality on the Edge fabric ports so that multiple logins are allowed for each
port. Enter the following command on the M-EOS switch to enable NPIV on the specified ports.
config NPIV
Your M-EOS switch is now ready to connect.
NOTE
You can run the agshow command to display Access Gateway information registered with the fabric.
When an Access Gateway is exclusively connected to Non-FOS based switches, it will not show up in
the agshow output on other Brocade Switches in the fabric.
Connectivity to Cisco Fabrics

When connecting a switch in Access Gateway mode to a Cisco fabric where certain QLogic-based
devices are present behind the switch in AG mode, some QLogic FC ASIC-based Host Bus Adapters
(HBA)s are not compatible with the routing mechanism used by switches in AG mode.

53-1000605-04
3 Connectivity to Cisco Fabrics
In this case, you must configure the Cisco switch using the Cisco provided procedures to ensure
interoperability with Access Gateway.
If you are using Emulex HBAs or any other HBAs that are not based on QLogic FC ASIC technology,
ensure that N_Port ID Virtualization (NPIV) is enabled on the Cisco switch and that the switch is
running SAN-OS 3.0 (1) or SAN-OS 3.1 (1) or later. By default, NPIV is enabled per switch and not
per port.
Access Gateway routing requirements with Cisco fabrics

The routing mechanism that switches in AG mode and the work around from Cisco to enable Cisco
MDS switches to interoperate with certain QLogic-based devices behind the AG switch is based on
the Cisco Company ID list.
Expanding the 8-bit ALPA routing in AG to 16-bit routing, which uses both the Area and the ALPA
fields, allows AG to handle PIDs with lower 8 bits. In ALPA routing mode, Cisco switches assign PIDs
to NPIV devices that differ in the lower 16 bits and assign PIDs for NPIV logins in the format of
ddXXXX. Fabric OS switches assigns PIDs in the format of ddaaXX. You can configure these
switches to route frames to a destination port based on the lower 16 bits in the PID.
Because switches in AG mode use the lower 8 bits of the FCID (that is, the ALPA/Port_ID field) to
route the frames between its F_Ports (connected to servers) and N_Ports (connected to the fabric)
Access Gateway cannot accept:
• Two FCIDs with the same lower 8 bits on the same N_Port (for example, 0xaabb02 and
0xccdd02)
• A "00" in the ALPA/Port_ID field of the FCID, which is returned for F_Ports logins (that is, server
HBA logins behind AG, also known as FDISC logins. If either of these two situations is detected,
the switch in AG mode persistently disables the server ports with the reason code "Duplicate
ALPA detected."
Enabling NPIV on a Cisco switch

1. Log in as admin on the Cisco MDS switch.
2. Enter the show version command to determine that you are using the correct SAN-OS version
and to see if NPIV is enabled on the switch.
3. Enter the following commands to enable NPIV:
conf t
enable npiv
4. Press Ctrl-Z to exit.

5. Enter the following commands to save the MDS switch connection:
copy run start
Your Cisco switch is now ready to connect to a switch in Access Gateway mode.

53-1000605-04
Workaround for QLogic-based devices

If there are QLogic-based devices behind a switch in AG mode, you must use the Cisco provided
procedures to connect to a Fabric OS switch in AG mode to a Cisco fabric. Cisco software maintains
a list of QLogic-based HBAs. Each HBA is identified by its company ID (also know as Organizational
Unit Identifier, or OUI) used in the PWWN during a fabric log in. You can modify the Cisco Company
ID entries using the CLI.
NOTE
You must set the fcinterop FC ID allocation scheme to auto and use the company ID list and
persistent FC ID configuration to manipulate the FC ID device allocation.
Table 8 shows the Cisco Company ID list, which shows the OUI ID as the three middle bytes of the
World Wide Name (WWN). This OUI ID format is used for initiator devices.
TABLE 8 OUI IDs that require special treatment

OUI ID
00:E0:8B 00:02:6B
00:09:6B 00:06:2B WWN: 00:00:11:22:33:00:00:00
00:11:25 00:14:5E OUI
00:50:8B 00:A0:B8
00:60:B0 00:D0:60
00:90:A5 00:E0:69
00:50:2E 00:D0:B2
For detailed documentation on the FCID allocation for HBAs, go to:

http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_2_x/san-os/configu
ration/guide/adv.html#wp1127676
Editing Company ID List if no FC target devices on switch

You can connect a Cisco MDS switch to a switch in AG mode if there are no FC target devices, such
as storage arrays on the Cisco switch. You can do this by editing the Company ID List or by placing
the Cisco switch FCID allocation mode into FLAT mode.
1. Connect to the switch and log in as admin on the Cisco MDS switch.
2. From the Company ID List, delete the OUI IDs of all the HBAs that are connected through the
switch in AG mode.
3. Delete the OUI IDs if and only if they are in the Company ID List.
4. Enter the following commands to determine the OUIs in the Company ID List:
switch#_show fcid-allocation area
FCID area allocation company id info:
00:50:2E <- Default entry
00:50:8B
00:60:B0
00:E0:79
00:0D:60 + <- User added entry
00:09:6B + <- User added entry

53-1000605-04
3 Connectivity to Cisco Fabrics
00:E0:8B * <- Explicitly deleted entry (from the original default list)
Total company ids 6
+ - Additional user configured company ids
* -Explicitly deleted company ids from default list.
Adding or deleting an OUI from the Company ID List

The following example shows how to add or delete an OUI (0x112233) from the Company ID List.
1. Enter the following command:
config t
2. Enter the following command to add the OUI ID 0x112233 to list:

fcid-allocation area company-id 0x112233
3. Enter the following command to delete the OUI ID 0x445566 from list:
no fcid-allocation area company-id 0x445566
4. Enter the following command to display the list:

do show fcid-allocation area

6. Issue the following command to save the MDS switch configuration.
copy run start
Ensure that the OUI IDs of the attached target devices are listed in the updated Company ID List.
After you update the list, you are ready to connect the Access Gateway device. If any of the AG
server ports (F_Ports) report that the port is disabled with reason code “Duplicate ALPA Detected,”
then use the follow considerations:
• Ensure that the debug FLOGI mode is not enabled; Cisco does not support NPIV when FLOGI
debug is set. Run the show debug flogi command to verify that the FLOGI mode is not enabled.
If the FLOGI mode is enabled, you must disable it using the following FLOGI debug commands:
config t
no flogi debug
Press Ctrl-Z to exit
copy run start Saves MDS switch configuration
• By default, if this is a new or an existing VSAN to use with the switch in Access Gateway mode,
the default policy for access is "deny." Either set it to "permit" or zone the devices for access.
• Access Gateway is compatible with Cisco VSAN, Dynamic Port VSAN (DVPM), and Inter-VSAN
Routing (IVR) features; however, you may need to use the AG Port Grouping policy to take full
advantage of these MDS features. For more information on the Port Grouping policy, see the
“Port Grouping policy” on page 16.

53-1000605-04
Enabling Flat FCID mode if no FC target devices on switch

1. Alternatively, you can place the Cisco switch FCID allocation mode into FLAT mode by entering
the following commands:
config t
fcinterop fcid-allocation flat
2. Enter the following command to enable VSAN mode:

vsan database
3. Enter the following commands to enable the Flat FCID mode:

vsan <vsan#> suspend
no vsan <vsan#> suspend

5. Enter the following command to save the MDS switch configuration:
copy run start
NOTE
If there are any device(s) in the VSAN that you suspend, it takes that device offline until you
unsuspend that VSAN.
Editing Company ID list if target devices on switch

If there are target devices on the switch, you must add the OUI of all the target devices present on
the switch to the Company ID list, and then delete the OUI IDs of all the HBAs that are connected
through the switch in Access Gateway mode from the Company ID list. You must remove the OUI IDs
if and only if they are in the Company ID list. Use the following commands to determine if the OUIs
in the Company ID list:
switch#_show fcid-allocation area
FCID area allocation company id info:
00:50:2E <- Default entry
00:50:8B
00:60:B0
00:E0:79
00:0D:60 + <- User -added entry
00:09:6B + <- User -added entry
00:E0:8B * <- Explicitly deleted entry (from the original default list)
Total company ids 6
+ - Additional user configured company ids
* -Explicitly deleted company ids from default list.
NOTE
You can also use the Persistent FCID field in the Cisco GUI tool to manually assign the FCIDs to
QLogic-based devices behind the Access Gateway module. If you use the method, ensure that
proper FCIDs are assigned, which have a different Area field from the target devices connected to
the same MDS switch. See “Access Gateway routing requirements with Cisco fabrics” on page 34 to
ensure that the switch meets the AG routing requirements.

53-1000605-04
3 Access Gateway mode
Access Gateway mode

Before enabling a switch to AG mode, you must save the switch configuration because after you
enable AG mode, some fabric information is erased, such as the zone and security databases. For
information on backing up and restoring the configuration file, refer to the Fabric OS
Administrator’s Guide.
Enabling AG mode is disruptive; the switch is disabled and rebooted. You must verify that the switch
is set to Native mode or interopmode 0. Run the switchshow command to verify the switch mode. If
the switch mode is anything other than 0, you must run the interopmode 0 command to set the
switch to Native mode. For more information on setting switches to Native mode, see “Setting the
Fabric OS switch to Native Mode” on page 33. For more information on ag commands, refer to the
Fabric OS Command Reference.
If you are setting the Brocade 300 and 200E switches to AG modes, you must enable all ports
using POD licensing before enabling Access Gateway mode.
NOTE
The maximum number of AGs that can be connected to an Edge switch is 30. The maximum number
of devices that can be connected to a Fabric OS switch through AG depends on the maximum
number of local devices that are supported by Fabric OS.
Enabling Access Gateway mode

Ensure that no zoning or AD transaction buffers are active. If any transaction buffer is active,
enabling AG mode will fail with the error, “Failed to clear Zoning/Admin Domain configuration”.
1. Enter the ag --modeenable command.
switch:admin> ag --modeenable
The switch automatically reboots and comes back online in AG mode using a factory default
F_Port-to-N_Port mapping. For more information on AG default F_Port-to-N_Port mapping, see
Table 10 on page 50.
2. Enter the ag --modeshow command to verify that AG mode is enabled.
switch:admin> ag --modeshow
Access Gateway mode is enabled.
3. Enter the ag --mapshow command without any options to display all the mapped ports.
The ag --mapshow command shows all the N_Ports (with the portcfgnport value of 1) even if
those N_Ports are not connected.
switch:admin> ag --mapshow
N_Port Configured_F_Ports Current_F_Ports Failover Failback PG_ID PG_Name
-----------------------------------------------------------------------------
0 4;5;6 4;5;6 1 0 2 SecondFabric
1 7;8;9 7;8;9 0 1 0 pg0
2 10;11 10;11 1 0 2 SecondFabric
3 12;13 12;13 0 1 0 pg0
-----------------------------------------------------------------------------

53-1000605-04
Access Gateway mode 3
4. Enter the switchShow command without any options to display the status of all ports.
switchName: switch
switchType: 43.2
switchState: Online
switchMode: Access Gateway Mode
switchWwn: 10:00:00:05:1e:03:4b:e7
switchBeacon: OFF

=====================================
0 0 -- N4 No_Module
1 1 cu N4 Online F-Port 50:06:0b:00:00:3c:b7:32 0x5a0101
2 2 cu N4 Online F-Port 10:00:00:00:c9:35:43:f5 0x5a0003
3 3 cu N4 Online F-Port 50:06:0b:00:00:3c:b6:1e 0x5a0102
4 4 cu N4 Online F-Port 10:00:00:00:c9:35:43:9b 0x5a0002
8 8 cu N4 Online F-Port 10:00:00:00:c9:35:43:a1 0x5a0001
21 21 id N4 Online N-Port 10:00:00:05:1e:35:10:1e 0x5a0200
Port States
The following table describes the possible port states.
TABLE 9 Port state description
State Description
No _Card No interface card present

No _Module No module (GBIC or other) present
Mod_Val Module validation in process
Mod_Inv Invalid module
No_Light The module is not receiving light
No_Sync Receiving light but out of sync
In_Sync Receiving light and in sync
Laser_Flt Module is signaling a laser fault
Port_Flt Port marked faulty

53-1000605-04
3 Access Gateway mode
TABLE 9 Port state description

State Description
Diag_Flt Port failed diagnostics

Lock_Ref Locking to the reference signal
Testing Running diagnostics
Offline Connection not established (only for virtual ports)
Online The port is up and running
Disabling Access Gateway mode

Before you disable a switch in AG mode, you should always back up the current configuration.
Disabling AG mode clears the F_Port-to-N_Port mapping.
Disabling AG mode is disruptive; the switch is disabled and rebooted. After AG mode is disabled,
the switch starts in Fabric OS Native mode. The switch will segment from the fabric upon reboot. To
re-join the switch to the core fabric, refer to “Re-joining switches to a fabric” on page 41.
For additional information on reconfiguring a switch and joining it to a fabric, see the Fabric OS
Administrator’s Guide.
2. Enter the ag --modeshow command to verify that the switch is in AG mode.
Access Gateway mode is enabled

switch:admin> switchdisable
NOTE
To save the Access Gateway configuration, use the configUpload command before proceeding
with the next step.
4. Enter the ag command with the --modedisable operand to disable AG mode.

switch:admin> ag --modedisable
The switch automatically reboots and comes back online using the fabric switch configuration;
the AG parameters, such as F_Port-to-N_Port mapping, and the Failover and Failback policies
are automatically removed.
5. Enter the ag --modeshow command to verify that AG mode is disabled.
Access Gateway mode is NOT enabled
Saving the Access Gateway configuration

2. Enter the configUpload command.

53-1000605-04
Re-joining switches to a fabric 3
Re-joining switches to a fabric

After a switch reboots and AG mode is disabled, the Default zone is set to no access. Therefore, the
switch does not immediately join the fabric to which it is connected. Use one of the following
methods to re-join a switch to the fabric:
• If you saved a Fabric OS configuration before enabling AG mode, download the configuration
using the configDownload command.
• If you want to re-join the switch to the fabric using the fabric configuration, use the following
procedure.
3. Enter the defZone --allAccess command to allow the switch to merge with the fabric.
4. Enter the cfgSave command to commit the defzone changes.
5. Enter the switchEnable command to enable the switch and allow it to merge with the fabric.
The switch automatically re-joins the fabric.
Reverting to a previous configuration

3. Enter the configDownload command to revert to the previous configuration.
4. Enter the switchEnable command to bring the switch back online.
The switch automatically joins the fabric.

53-1000605-04
3 Re-joining switches to a fabric

53-1000605-04
Chapter
Configuring Ports in Access Gateway mode 4
In this chapter
• Port Initialization in Access Gateway mode . . . . . . . . . . . . . . . . . . . . . . . . . . 43
• N_Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
• Port configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Port Initialization in Access Gateway mode

This chapter explains how to configure ports in Access Gateway mode and how to implement
Access Gateway masterless trunking. You must have the role of securityadmin, admin, or user to
configure AG.
To ensure that all hosts are brought online when a switch in Access Gateway mode starts up, the
ports are initialized in the following manner:
1. When you enable a switch to AG mode, N_Ports are initialized only if they belong to the default
factory configuration of the switch. During N_Port initialization all the F_Ports are disabled
(kept offline).
The ports are enabled or disabled as follows:
• Enabled (online) if the port receives a fabric login event and is connected to an F_Port of
an Edge switch that supports NPIV (N_Port ID virtualization).
• Disabled (offline) if the port is not connected to a fabric or is connected to a fabric port
that does not support NPIV.
2. All F_Ports mapped to online N_Ports are enabled.
3. F_Ports mapped to an offline N_Port with the failover policy enabled fail over to an online
N_Port.
4. The host logs into the fabric as follows:
a. The host sends a FLOGI (fabric login) request.
b. Access Gateway converts the FLOGI request into an FDISC request to the fabric with the
same parameters as the host.
c. The fabric processes the request and sends an FDISC response.
d. Access Gateway converts the FDISC Accept link service reply (ACC) response to the host as
an FLOGI ACC using the same parameters as the fabric.
e. The host receives the response from the fabric.
Figure 10 shows Access Gateway logically transparent to the host and the fabric after
ports are initialized.

53-1000605-04
4 N_Ports
a c
b
d
e
FIGURE 10 Initialized ports in Access Gateway
You can expand your fabric by configuring the F_Ports to connect to the fabric as N_Ports, which
increases the number of device ports you can connect to a single fabric port. You can connect AG to
more than one fabric.
When AG is connected to at least one Edge switch in the fabric, Fibre Channel ports operate as
either a target or as an initiator. Fibre Channel ports target ports can also connect to AG as F_Ports.
The following combinations are possible with initiators and targets:
• All F_Ports connect to the FCP initiator port.
• All F_Ports connect to the FCP target port.
• Some F_Ports connect to the FCP initiator port and some connected to FCP target port.
• Targets and hosts that are connected to the same AG are not supported.
N_Ports
The AG port connected to the Enterprise fabric must be configured as an N_Port using the
portcfgnport mode command. By default, on embedded switches, only the internal ports of Access
Gateway are configured as F_Ports. All external ports are configured (locked) as N_Ports. For more
information on which ports are mapped by default, see Table 10 on page 50. The internal ports
connect hosts in the bladed server and external ports connect to the fabric.
The enabled N_Port will automatically come online if it is connected to an Enterprise fabric switch
that supports NPIV. NPIV capability should be enabled on the ports connected to the Access
Gateway. Use the portcfgnpivport command to enable NPIV capability on the specific port. By
default, NPIV is enabled on 8 Gbps switches.
NOTE
A switch in Access Gateway mode must have at least one port configured as an N_Port.
Therefore, the maximum number of F_Ports that can be mapped to an N_Port is the number of
ports on the switch minus one.
Figure 11 shows a host connected to an embedded switch’s external F_Port when Access Gateway
is enabled. The configured F_Port is mapped to an N_Port.

53-1000605-04
N_Ports 4
FIGURE 11 Example of adding an external F_Port (F9) on an embedded switch
Unlocking N_Ports
Unlocking the N_Port configuration automatically changes the port to an F_Port. When you unlock
an N_Port, the F_Ports are automatically unmapped and disabled.
2. Enter the portcfgnport command.
NOTE
The portcfgnport command only works when the Port Grouping policy is enabled.
switch:admin> portcfgnport
Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
--------------------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--
Locked N_Port .. .. .. .. .. .. .. .. .. .. ON ON ON ON ON ON
3. Enter the portcfgnport command with <portnumber> 0 operand to unlock N_Port mode.
switch:admin> portcfgnport 10 0
Alternatively, to lock a port in N_Port mode, enter the portcfgnport <portnumber> 1 command.
switch:admin> portcfgnport 10 1
By default, on embedded switches, all external ports are configured as N_Port lock mode when you
enable Access Gateway. Access Gateway connects only FCP initiators and targets to the fabric. It
does not support other types of ports, such as ISL (interswitch link) ports.

53-1000605-04
4 N_Ports
The port types on a fabric switch are not locked. Fabric OS Native mode dynamically assigns the
port type based on the connected device: F_Ports and FL_Ports for hosts, HBAs, and storage
devices; and E_Ports, EX_Ports, and VE_Ports for connections to other switches.
Displaying N_Port configurations

2. Enter the portcfgnport command.
switch:admin> portcfgnport
Ports 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
--------------------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--
Locked N_Port .. .. .. .. .. .. .. .. .. .. ON ON ON ON ON ON
Verifying port mapping and status

You can display the port mappings and status of the host connections to the fabric on Access
Gateway using the ag --mapshow command. See the Fabric OS Command Reference for more
information on the ag command.
2. Enter the ag --mapshow command.
-----------------------------------------------------------------------------
0 4;5;6 4;5;6 1 0 2 SecondFabric
1 7;8;9 7;8;9 0 1 0 pg0
2 10;11 10;11 1 0 2 SecondFabric
3 12;13 12;13 0 1 0 pg0
-----------------------------------------------------------------------------
Use the following parameters:

N_Port The numbers of ports locked in N_Port mode.
Configured F_Ports The F_Ports that are mapped to the corresponding N_Port.
Current F_Ports Shows the F_Ports that are currently connected to the fabric on
the corresponding N_Port.
In the case of failover, the current F_Ports and configured
F_Ports differ.
Failover and Failback Indicates whether the N_Port policy is enabled (1) or disabled
(0).
PG_ID and PG_Name Indicates whether the Port Grouping policy is enabled (1) or
disabled (0).
Displaying N_Port mapping

2. Enter the ag --mapshow command and specify the port number.
The N_Port failover and failback policies and the mapped F_Ports displays.

53-1000605-04
Port configurations 4
----------------------------------------------------------------------------
0 4;6 4;6 1 0 2 SecondFabric
1 7;8;9 7;8;9 0 1 0 pg0
2 5;10;11 5;10;11 1 0 2 SecondFabric
3 12;13 12;13 0 1 0 pg0
Displaying port status

2. Enter the switchshow command without any operands.
switchName: switch
switchType: 43.2
switchState: Online
switchWwn: 10:00:00:05:1e:03:4b:e7
switchBeacon: OFF

=====================================
0 0 -- N4 No_Module
1 1 cu N4 Online F-Port 50:06:0b:00:00:3c:b7:32 0x5a0101
4 4 cu N4 Online F-Port 10:00:00:00:c9:35:43:9b 0x5a0002
8 8 cu N4 Online F-Port 10:00:00:00:c9:35:43:a1 0x5a0001
NOTE
For a description of the port state, see Table 9 on page 39.
Port configurations
The following mapping updates and adding and removing of ports are only applicable to the Port
Grouping policy.

53-1000605-04
4 Port configurations
Adding F_Ports to an N_Port

When you update the mapping, only the F_Ports added or removed are affected. Adding an F_Port
to an N_Port routes that traffic to and from the fabric through the specified N_Port. When you
enable the failover policy and if the N_Port goes offline or fails, the F_Port automatically routes to
another N_Port, which is connected to the same fabric.
You can assign an F_Port to only one primary N_Port at a time. If the F_Port is already assigned to
an N_Port, you must remove it from the N_Port before you can add it. Use the following procedure
to add an F_Port to an N_Port.
NOTE
For bladed servers, the HBA connects to the internal ports. Internal ports are F_Ports. By default,
only the external ports are configured as N_Ports.

2. Enter the ag command with the --mapdel <n_portnumber> <F_Port1;...;F_Port2> operand to
remove the F_Port from the N_Port. The f_portlist can contain multiple F_Port numbers
separated by semicolons, for example “17;18”.
switch:admin> ag --mapdel 10 6
F-Port to N-Port mapping has been updated successfully
3. Enter the switchshow command to verify that the F_Port is free (unassigned).
Unassigned F_Port status is Disabled (No mapping for F_Port). See port 6 in the following
example.
switchName: fsw534_4016
switchType: 45.0
switchState: Online
switchWwn: 10:00:00:05:1e:02:1d:b0
switchBeacon: OFF

=====================================
0 0 cu AN No_Sync
1 1 cu AN No_Sync Disabled (N-Port Offline for F-Port)
6 6 cu AN No_Sync Disabled (No mapping for F-Port)
7 7 cu AN No_Sync
8 8 cu AN No_Sync
9 9 cu AN No_Sync
13 13 id N4 Online N-Port 10:00:00:05:1e:35:10:1e 0x5a0a00
4. Enter the ag command with the --mapadd <n_portnumber> “<f_port1;f_port2;...> operand to

add the list of F_Ports to the N_Port.

53-1000605-04
The f_portlist can contain multiple F_Port numbers separated by semicolons, for example
“17;18”.
switch:admin> ag --mapadd 13 "6;7"
5. Enter the ag --mapshow command with the n_portnumber operand to display the list of
mapped F_Ports. Verify that the added F_Ports appear in the list.
switch:admin> ag --mapshow 13
N_Port : 13
Failover(1=enabled/0=disabled) : 1
Failback(1=enabled/0=disabled) : 1
Current F_Ports : None
Configured F_Ports : 6;7
PG_ID : 0
PG_Name : pg0
Removing F_Ports from an N_Port

Removing F_Ports from an N_Port unassigns the F_Port. The F_Port status changes to Disabled.
(No mapping for F_Port).
2. Enter the ag --mapdel command with the <n_portnumber> <f_port1;f_port2;...> operands to
remove the list of F_Ports from the N_Port.
switch:admin> ag --mapdel 13 “5;6”
3. Enter the ag --mapshow command with the n_portnumber operand to display a list of
mapped F_Ports. Verify that the F_Ports you removed are not in the list.
switch:admin> ag --mapshow 13
N_Port : 13
Failover(1=enabled/0=disabled) : 1
Failback(1=enabled/0=disabled) : 1
Current F_Ports : None
Configured F_Ports : 7
PG_ID : 0
PG_Name : pg0
Adding a preferred secondary N_Port

Preferred mapping is optional. Adding a preferred N_Port provides an alternate N_Port for F_Ports
to fail over to. The F_Ports must have a primary N_Port mapping before a secondary N_Port can be
configured.
You add the F_Ports to a preferred secondary N_Port using the prefset command, which sets the
preferred N_Port for one or more F_Ports. You can delete the F_Ports from the preferred N_Port
using the prefdel command. This following procedure shows adding F_Ports 3 and 9 to preferred
secondary N_Port 4.

53-1000605-04

2. Enter the ag --prefset command with the <F_Port1;F_Port2; ...> <N_Port> operands to add
the preferred secondary F_Ports to the specified N_Port.
The F_Ports that you want to map must be enclosed in quotation marks and the port numbers
must be separated by a semicolon, for example:
switch:admin> ag --prefset "3;9" 4
Preferred N_Port is set successfully for the F_Port[s]
Deleting F_Ports from a preferred secondary N_Port

This example shows deleting F_Ports 3 and 9 from preferred secondary N_Port 4.
2. Enter the ag --prefdel command with the <F_Port1;F_Port2; ...> <N_Port> operands to delete
the preferred F_Port mapping from the specified N_Port.
The list of F_Ports to delete from the secondary mapping must be enclosed in quotation marks.
Port numbers must be separated by a semicolon, for example:
switch:admin> ag --prefdel "3;9" 4
Preferred N_Port is deleted successfully for the F_Port[s]
The following table shows the default F_Port-to-N_Port mapping that is automatically configured
when Access Gateway mode is enabled. All N_Ports have failover and failback enabled. All ports
must have the POD license active to use Access Gateway on the Brocade 300 and 200E.
.
TABLE 10 Access Gateway default F_Port-to-N_Port mapping

Brocade Total Ports F_Ports N_Ports Default F_ to N_Port Mapping
Model
300 24 0-15 16 -23 0, 1 mapped to 16

2, 3 mapped to 17
4, 5 mapped to 18
6 , 7 mapped to 19
8, 9 mapped to 20
10, 11 mapped to 21
12, 13 mapped to 22
14, 15mapped to 23
200E 16 0-11 12-15 0, 1, 2 mapped to 12
3, 4, 5 mapped to 13
9, 10, 11 mapped to 15
4012 12 0–7 8–11 0, 1 mapped to 8
2, 3 mapped to 9
4, 5 mapped to 10
6, 7 mapped to 11

53-1000605-04
TABLE 10 Access Gateway default F_Port-to-N_Port mapping

Brocade Total Ports F_Ports N_Ports Default F_ to N_Port Mapping
Model
4016 16 0–9 10–15 0, 1 mapped to 10

2, 3 mapped to 11
4, 5 mapped to 12
6, 7 mapped to 13
8 mapped to 14
9 mapped to 15
4018 18 4-11 0-3 4, 5, 12 mapped to 0
8, 9, 14, 16 mapped to 2
10, 11, 15, 17 mapped to 3
4020 20 1–14 0, 15–19 1, 2 mapped to 0
3, 4 mapped to 15
8, 9 mapped to port 17
10, 11 mapped to 18
12, 13, 14 mapped to 19
4024 24 1–16 0, 17–23 1, 2 mapped to 17
9, 10 mapped to 18
3, 4 mapped to 19
11, 12 mapped to 20
5, 6 mapped to 21
13, 14 mapped to 22
7, 8 mapped to 23
15, 16 mapped to 0
4424 24 17-20 1-8 0, 17-23 as N_Port with failover
enabled, failback enabled
1, 2 mapped to 17
3, 4 mapped to 18
5, 6 mapped to 19
7, 8 mapped to 20
9, 10 mapped to 21
11, 12 mapped to 22
13, 14 mapped to 23
15, 16 mapped to 0

53-1000605-04

53-1000605-04
Appendix
Troubleshooting A
This appendix provides troubleshooting instructions.
TABLE 11 Troubleshooting
Problem Cause Solution
Switch is not in Access Switch is in Native switch mode Disable switch using the switchDisable command.
Gateway mode Enable Access Gateway mode using
the ag --modeenable command.
Answer yes when prompted; the switch reboots.
Log in to the switch.
Display the switch settings using the switchShow command. Verify
that the field switchMode displays Access Gateway Mode.
NPIV disabled on Edge Inadvertently turned off On the Edge switch, enter the portCfgShow command.
switch ports Verify that NPIV status for the port to which Brocade Access Gateway
is connected is ON.
If the status displays as “--” NPIV is disabled. Enter the
portCfgNpivPort <port_number> command with the 1 operand to
enable NPIV.
Repeat step for each port as required.
Need to reconfigure Default port setting not adequate for On Brocade Access Gateway, enter the portCfgShow command.
N_Port and F_Ports customer environment For each port that is to be activated as an N_Port, enter the
portCfgNport <port_number> command with the 1 operand.
All other ports remain as F_Port.
To reset the port to an F_Port, enter the portCfgNpivPort
<port_number> command with the 0 operand.
LUNs are not visible Zoning on fabric switch is incorrect. Verify zoning on the Edge switch.
Port mapping on Access Gateway mode Verify that F_Ports are mapped to an online N_Port. See “Access
switch is incorrect. Gateway default F_Port-to-N_Port mapping” on page 50.
Cabling not properly connected. Perform a visual inspection of the cabling, check for issues such as
wrong ports, twisted cable, or bent cable. Replace the cable and try
again.

53-1000605-04
A Troubleshooting
TABLE 11 Troubleshooting (Continued)

Problem Cause Solution
Failover is not working Failover disabled on N_Port. Verify that failover and failback policies are enabled, as follows:
Enter the ag --failoverShow command with the <port_number>
operand.
Enter the ag --failbackShow command with the <port_number>
operand.
Command returns “Failback (or Failover) on N_Port <port_number> is
supported.”
If it returns, “Failback (or Failover) on N_Port <port_number> is not
supported.” See “Adding a preferred secondary N_Port” on page 49.
Access Gateway is mode Access Gateway must be disabled. Disable switch using the switchDisable command.
not wanted Enable Access Gateway mode using
the ag --modeDisable command.
Answer yes when prompted; the switch reboots.
Log in to the switch.
Display the switch settings using the switchShow command. Verify
that the field switchMode displays Fabric OS native mode.
NOTE
If a Fabric OS switch is in Access Gateway mode and is also set to McDATA Fabric mode, when that
switch is connected to an M-EOS switch, the Fabric OS switch does not display in the output when
you run the agshow command.

53-1000605-04
Index
A authentication
limitations, 22
Access Gateway
cascading, 29
comparison to standard switches, 4 B
compatible fabrics, 2
connecting devices, 31 behavior
connecting two AGs, 29 failover policy, 15
description, 1
displaying information, 33
features, 2
mapping description, 6
C
port mapping, 5
Cisco switch
port types, 4
adding OUIs, 36
Access Gateway mode
AG routing requirements, 34
comparison, 2
Company ID list, 35
direct target attach, 31
deleting OUIs, 35, 36
disabling, 40
displaying FCID, 36
enabling, 38
editing Company ID list, 35
port initialization, 43
enabling Flat FCID mode, 37
port types, 4
enabling NPIV, 34
saving configuration, 40
FLOGI support, 36
supported firmware versions, 31
interoperability with AG, 34
terms, xv
no FC target devices, 35
ACL policies
no target devices on switch, 37
settings, 32 target devices on switch, 37
adding devices to fabric, 9 code, xiv
Address Identifier, 26 cold failover policy
Admin domain, 23 preferred secondary N_Port, 16
ADS Policy
adding devices, 9
disabling, 8
displaying devices, 9, 10
enabling, 8
removing devices, 9
setting devices to login, 8
setting devices to not login, 9
APC Policy
connecting to multiple fabrics, 10
disabling, 11
enabling, 11
rebalancing F_Ports, 11
area assignment, 22

53-1000605-04
commands downgrading, 22
ag, 40 considerations, 6
ag --failbackDisable, 16
ag --failbackEnable, 15
ag --failbackShow, 15, 54
ag --failoverDisable, 14
E
ag --failoverEnable, 13, 14 edge switch
ag --failoverShow, 13, 14, 54 FLOGI, 32
ag --mapAdd, 48
long distance mode setting, 31
ag --mapDel, 48, 49
NPIV, 31
ag --mapShow, 38, 46, 49
settings, 31
ag --modeDisable, 40, 54
external port
ag --modeEnable, 38, 53
N_Port, 48
ag --modeShow, 38, 40
cfgSave, 41
configDownload, 41
configUpload, 33, 40 F
defZone --allAccess, 41
portCfgNpivPort, 53 F_Port
portCfgNport, 45, 46, 53 adding external port on embedded switch, 45
portCfgShow, 53 Address Identifier, 21
switchDisable, 33, 40, 41, 53, 54 disabling trunking, 28
switchEnable, 41 internal ports, 48
switchMode, 53, 54 mapping, example, 5
switchShow, 32, 39, 47, 48, 53, 54 mapping, show, 46
compatibility maximum number mapped to N_Port, 44
fabric, 31 remove, 49
configuration settings, edge switch, 31
show, 46 shared area ports, 25
configurations trunking, 21
limitations with configdownload command, 23 trunking setup, 25
re-joining switch to fabric, 41 fabric
saving AG configuration, 40 compatibility, 31
using configdownload command, 41 inband queries, 32
using configupload command, 40 join, 41
logins, 32
Management Server Platform, 32
zoning scheme, 32
D Fabric OS Management Server Platform Service
settings, 32
daisy chaining, 31
failback policy
DCC policy
example, 12, 14
adding WWN, 26
failover policy
enabling, 26
behavior, 13
limitation creating TA, 24
disabling, 14
default area
enabling, 13, 14
removing ports, 22
example, 13, 15
devices
preferred secondary N_Port, 12
attaching multiple devices, 31 fast write
direct target attach, 31
limitation, 23
Direct Target Attach, 31
FICON
Domain,Index, 27
F_Port trunk ports, 23

53-1000605-04
H N
HA sync N_Port
TA present, 22 AG configurations, 44
displaying configurations, 46
displaying status, 47
I external port, 48
F_Port, remove, 49
ICL ports failover in a PG, 17
mapping example, 5
limitations, 23
masterless trunking, 21
inband queries, 32
maximum number supported, 44
internal port
multiple trunk groups, 21
F_Port, 48
show map, 46
trunk groups, 21
trunking, 21
J trunking considerations, 22
unlock, 45
join fabric, 41 unlocking, 45
native mode
setting, 33
L non disruptive, 22
NPIV
long distance mode, edge switch, 31 edge switch, 31
enable with portcfgnpivport command, 44
enabling on Cisco switch, 34
enabling on M-EOS swtich, 33
M support, 31
management server, 22
mapping
example, 5 O
ports, 5
show, 46 optional features, xvii
masterless trunking
blades not supported, 23
PID format, 23 P
M-EOS switch
enabling NPIV, 33 Policies
Access Gateway, 7
Advance Device Security, 8
enabling DCC policy, 26
enforcement matrix, 20
Port Grouping, 16
security enforcement, 8
showing current policies, 7
using policyshow command, 7
port
comparison, 4
mapping, 5
requirements, 31
types, 4

53-1000605-04
port group
add N_Port, 18, 19
S
create, 18 settings
delete N_Port, 19 ACL policies, 32
disabling, 20 FLOGI, 32
port group 0, 18 inband queries, 32
remove port group, 19 Management Server Platform, 32
rename, 20 zone, no access, 41
Port Grouping policy supported hardware and software, xiii
using portcfgnport command, 45 switch mode
port mapping
verify, 32
displaying, 46 switchMode
dynamic mapping, 10 Access Gateway mode, 38
maximum number of F_Ports, 44
Native, 32
verifying, 46
Port mirroring
not supported, 23
port state T
description, 39
port swap terms, xv
not swapping TA, 23 trunk area
port types activate DCC policy, 26
assign, 25
limitations, 22
configuration management, 27
Preferred, 12
disabling, 23
preferred secondary N_Port
remove ports, 25
cold failover, 16
standby CP, 22
definition, xvi
using the porttrunkarea command, 23
deleting F_Ports, 50
trunk groups
failover policy, 12
create, 24
forming groups, 16
trunk master
not online, 12
limitation, 23
online, 12
PWWN trunking
enabling, 23, 27
format, 24
license, 21
sharing TA trunk group, 22
monitoring, 29
Q U
QLogic-based devices
unlock
workaround, 35
N_Port, 45
upgrading, 22
considerations, 6
R with ADS policy enabled, 6
with APC policy enabled, 6
removing devices from switch, 9 with PG policy enabled, 6
removing trunk ports, 22
requirements
ports, 31

53-1000605-04
Z
zoning
schemes, 32
setting, 41

53-1000605-04
53-1000605-04

53 1000605 04 AccessGateway v611

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

53 1000605 04 AccessGateway v611

Uploaded by

Copyright:

Available Formats

53-1000605-04

Supporting Fabric OS 6.1.1

Document Title Publication Number Summary of Changes Publication Date

Access Gateway Administrator’s Guide 53-1000430-01 First version January 2007

Access Gateway Administrator’s Guide iii

About This Document

Chapter 1 Getting Started

Chapter 2 Enabling Policies on Switches in Access Gateway Mode

Access Gateway Administrator’s Guide v

Chapter 3 Connecting Devices Using Access Gateway

vi Access Gateway Administrator’s Guide

Chapter 4 Configuring Ports in Access Gateway mode

Access Gateway Administrator’s Guide vii

Figure 1 Access Gateway and fabric switch comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Access Gateway Administrator’s Guide ix

Table 1 Fabric OS components supported on Access Gateway . . . . . . . . . . . . . . . . . . . . . 3

Access Gateway Administrator’s Guide xi

• How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

How this document is organized

Supported hardware and software

Access Gateway Administrator’s Guide xiii

Command syntax conventions

xiv Access Gateway Administrator’s Guide

| Boolean. Elements are exclusive. Example: --show -mode egress | ingress

Notes, cautions, and warnings

Access Gateway Administrator’s Guide xv

xvi Access Gateway Administrator’s Guide

Optional Brocade features

Getting technical help

The serial number label is located as follows:

Access Gateway Administrator’s Guide xvii

xviii Access Gateway Administrator’s Guide

Brocade Access Gateway

Access Gateway Administrator’s Guide 1

FIGURE 1 Access Gateway and fabric switch comparison

Fabric OS features in Access Gateway mode

2 Access Gateway Administrator’s Guide

TABLE 1 Fabric OS components supported on Access Gateway

Access Control Yes (limited roles)

Access Gateway Administrator’s Guide 3

Access Gateway port types

Comparison of Access Gateway ports to standard switch ports

Access Gateway Ports

Fabric Switch Ports

N_Port F_Port E_Port E_Port

N_Port F_Port E_Port E_Port

FIGURE 2 Port usage comparison

4 Access Gateway Administrator’s Guide

Table 2 shows a comparison of port configurations with AG to a standard fabric switch.

TABLE 2 Port configurations

How Access Gateway maps ports

FIGURE 3 Example F_Port-to-N_Port mapping

Access Gateway Administrator’s Guide 5

TABLE 3 Description of F_Port-to-N_Port mapping

F_Port N_Port Edge switch F_Port

F_1, F_2 N_1 Switch_A F_A1

Upgrade and downgrade considerations for switches in AG mode

Considerations with policies enabled

Advance Device Security policy

Automatic Port Configuration policy

Port Grouping policy

6 Access Gateway Administrator’s Guide

Enabling Policies on Switches in Access Gateway Mode 2