Differences

This shows you the differences between two versions of the page.

--- storage:brocade_adv [2025/03/28 16:00]
manu
+++ storage:brocade_adv [2025/05/02 16:13] (current)
manu [Configuring XISL]
@@ Line 114: / Line 114: @@
 https://techdocs.broadcom.com/us/en/fibre-channel-networking/fabric-os/fabric-os-commands/9-2-x/Fabric-OS-Commands/lfCfg.html
+===== Configuring QOS =====
+Quality Of Service can easily activated per zone
+You can enable high or low priority traffic, based on a priority ID.
+  The id range is from 1 through 5 for high-priority traffic, which corresponds to VCs 10 through 14. For low-priority traffic, the id range is from 1 through 2, which corresponds to VCs 8 and 9. The id is optional; if it is not specified, the virtual channels are allocated through a round-robin scheme.
+Example of High priority zone with ID 2
+  QOSH2_myzone1
+For low priority 1
+  QOSL1_myzone2
+After enabling zone, your ISL have to be configured for QOS:
+<cli prompt='>'>
+sw0:admin> portcfgqos --enable 3
+</cli>
 ===== Configuring Virtual Fabric =====
@@ Line 483: / Line 500: @@
 buffers required for 100km at 8G and framesize of 512 bytes
 </cli>
+==== ISL settings for DWDM ====
+{{storage:isl_dwdm_parameters.png?600|}}
 ===== Connect to a switch without password =====
@@ Line 987: / Line 1008: @@
 ===== configuring security policies =====
+  * Fabric configuration server policy (FCS): Restricts which switches can change the configuration of the fabric.
+  * Device connection control (DCC) policy: Restricts which Fibre Channel device ports can connect to which Fibre Channel switch ports.
-FCS Policy : The fabric configuration server policy in base Fabric OS may be performed on a local switch basis and may be performed on any switch in the fabric.
+  * Switch connection control (SCC) policy: Restricts which switches can join with a switch.
 Displaying the Database Distribution Settings
@@ Line 1004: / Line 1025: @@
      IPFILTER  -         accept
 Fabric Wide Consistency Policy:- ""
+</cli>
+Enable Database Distribution Settings
+<cli prompt='>'>
+switch:admin> fddcfg --fabwideset "SCC"
+switch:admin> fddcfg --showall
+Local Switch Configuration for all Databases:-
+     DATABASE  -  Accept/Reject
+---------------------------------
+          SCC  -         accept
+          DCC  -         accept
+          PWD  -         accept
+          FCS  -         accept
+         AUTH  -         accept
+     IPFILTER  -         accept
+Fabric Wide Consistency Policy:- "SCC"
+</cli>
+Best way to configure SCC is to first enable all switches to join the fabric:
+On each SAN switch you can list the WWN:
+<cli prompt='>'>
+switch:admin> wwn
+</cli>
+Do either of the following:
+  * Manually add the front domain switch WWN to the SCC policy, or the Domain ID, or name.
+<cli prompt='>'>
+switch:admin> secpolicycreate SCC_POLICY "WWA;WWB"
+</cli>
+  * Use the command to automatically add all switches in the fabric
+<cli prompt='>'>
+switch:admin> secpolicycreate SCC_POLICY "*"
+</cli>
+List the policy settings
+<cli prompt='>'>
+switch:admin> secpolicyshow
+ ___________________________________________________
+               ACTIVE POLICY
+FCS_POLICY
+   Pos   Primary WWN                     DId swName
+__________________________________________________
+   Yes    10:00:00:60:69:30:15:5c   1 primaryfcs
+   No     10:00:00:60:69:30:1e:62   4 switch
+____________________________________________________
+</cli>
+Activate and distribute the SCC policy.
+<cli prompt='>'>
+switch:admin> secpolicysave
+switch:admin> secpolicyactivate
+</cli>
+distribute -p <policy_list> -d <switch_list>
+<cli prompt='>'>
+switch:admin> distribute -p "SCC;DCC" -d "3;5"
+</cli>
+Or
+<cli prompt='>'>
+switch:admin> distribute -p "FCS;PWD" -d "*"
+</cli>
+===== configuring crypto policies =====
+<cli prompt='>'>
+switch:admin> setcryptocfg --show
+SSH Crypto:
+SSH Cipher               : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
+SSH Kex                  : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
+SSH MAC                  : hmac-sha1,hmac-sha2-256,hmac-sha2-512
+TLS Ciphers:
+HTTPS                    : ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4
+HTTPS_TLS_v1.3           : TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+RADIUS                   : ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4
+LDAP                     : ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4
+SYSLOG                   : ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4
+RSA                      : ECDSA:ECDH:RSA:AES:!3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!ARIAGCM:!CAMELLIA:!CHACHA20:!SSLv3:!TLSv1:!AESCCM
+FA                       : ECDSA:ECDH:RSA:AES:!3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!ARIAGCM:!CAMELLIA:!CHACHA20:!SSLv3:!TLSv1:!AESCCM
+TLS Protocol:
+HTTPS                    : Any
+RADIUS                   : Any
+LDAP                     : Any
+SYSLOG                   : Any
+RSA                      : TLSv1.2
+FA                       : TLSv1.2
+X509v3:
+Validation               : Basic
+Compliance:
+CryptoVersion            : 9.2.1
+FIPS Inside              : Disabled
+BootUp Selftests         : Disabled
+switch:admin> seccryptocfg --lstemplates
+List of templates:
+default_cc
+default_generic
+default_strong
+default_fips
+switch:admin> seccryptocfg --show default_strong
+[Ver]  0.2
+[SSH]
+Enc:aes128-ctr,aes192-ctr,aes256-ctr
+Kex:ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,curve25519-sha256
+Mac:hmac-sha2-256,hmac-sha2-512
+[AAA]
+RAD_Ciphers:ECDSA:ECDH:RSA:AES:!3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!ARIAGCM:!CAMELLIA:!CHACHA20:!SSLv3:!TLSv1:!AESCCM
+LDAP_Ciphers:ECDSA:ECDH:RSA:AES:!3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!ARIAGCM:!CAMELLIA:!CHACHA20:!SSLv3:!TLSv1:!AESCCM
+RAD_Protocol:TLSv1.2
+LDAP_Protocol:TLSv1.2
+[LOG]
+Syslog_Ciphers:ECDSA:ECDH:RSA:AES:!3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!ARIAGCM:!CAMELLIA:!CHACHA20:!SSLv3:!TLSv1:!AESCCM
+Syslog_Protocol:TLSv1.2
+[HTTPS]
+Ciphers:ECDSA:ECDH:RSA:AES:!3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!ARIAGCM:!CAMELLIA:!CHACHA20:!SSLv3:!TLSv1:!AESCCM
+Protocol:TLSv1.3
+Ciphers_tlsv1.3:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256
+[X509v3]
+Validation:Basic
 </cli>

wiki

User Tools

Site Tools

Differences

Page Tools