Brocade Network OS Administrator’s Guide v4.1.1 User Manual
Network os, Administrator’s guide
Table of contents
Document Outline
- Contents
- Preface
- About This Document
- Section I: Network OS Administration
- Introduction to Network OS and Brocade VCS Fabric Technology
- Using the Network OS CLI
- Network OS CLI overview
- Accessing the Network OS CLI through Telnet
- Saving your configuration changes
- Network OS CLI command modes
- Network OS CLI keyboard shortcuts
- Using the do command as a shortcut
- Completing Network OS CLI commands
- Displaying Network OS CLI commands and command syntax
- Using Network OS CLI command output modifiers
- Considerations for show command output
- Basic Switch Management
- Switch management overview
- Ethernet management interfaces
- Stateless IPv6 autoconfiguration
- Switch attributes
- Switch types
- Operational modes
- Modular platform basics
- Supported interface modes
- Slot numbering and configuration
- Connecting to a switch
- Using the management VRF
- Configuring and managing switches
- Configuring Ethernet management interfaces
- Configuring static IP addresses
- Configuring a static IPv4 Ethernet address
- Configuring a static IPv6 Ethernet address
- Configuring an IPv4 address with DHCP
- Configuring IPv6 autoconfiguration
- Displaying the network interface
- Configuring the management interface speed
- Configuring a switch banner
- Configuring switch attributes
- Configuring a switch in logical chassis cluster mode
- Creating a logical chassis cluster
- Taking precautions for mode transitions
- Converting a fabric cluster to a logical chassis cluster
- Converting a fabric cluster while preserving configuration
- Selecting a principal node for the cluster
- Converting a logical chassis cluster to a fabric cluster
- Converting to a fabric cluster while preserving configuration
- Adding a node to a logical chassis cluster
- Removing a node from a logical chassis cluster
- Rejoining a node to the cluster
- Replacing a node in a logical chassis cluster
- Merging two logical chassis clusters
- Changing an RBridge ID on a switch within a fabric
- Examples of global and local configurations
- Configuring a switch in fabric cluster mode
- Configuring a switch in standalone mode
- Displaying switch interfaces
- Displaying slots and module status information
- Replacing a line card
- Configuring high availability
- Disabling and enabling a chassis
- Rebooting a switch
- Troubleshooting switches
- Configuring Ethernet management interfaces
- Configuring policy-based resource management
- Brocade support for Openstack
- Using Network Time Protocol
- Configuration Management
- Installing and Maintaining Firmware
- Firmware management overview
- Upgrading firmware on a local switch
- Preparing for a firmware download
- Connecting to the switch
- Obtaining the firmware version
- Using the firmware download command
- Downloading firmware in the default mode
- Downloading firmware from a USB device
- Downloading firmware by using the noactivate option
- Downloading firmware by using the manual option
- Upgrading firmware by using the manual option
- Downloading firmware by using the default-config option
- Monitoring and verifying a firmware download session
- Upgrading firmware in Brocade fabric cluster mode
- Upgrading firmware in Brocade logical chassis cluster mode
- Upgrading and downgrading firmware within a VCS Fabric
- Configuring SNMP
- Configuring Brocade VCS Fabrics
- Configuring Metro VCS
- Administering Zones
- Zoning overview
- Configuring and managing zones
- Zone configuration management overview
- Understanding and managing default zoning access modes
- Managing zone aliases
- Creating zones
- Managing zones
- Viewing the defined configuration
- Viewing the enabled configuration
- Creating a zone configuration
- Adding a zone to a zone configuration
- Removing a zone from a zone configuration
- Enabling a zone configuration
- Disabling a zone configuration
- Deleting a zone configuration
- Clearing changes to a zone configuration
- Clearing all zone configurations
- Backing up the zone configuration
- Restoring a configuration from backup
- Zone configuration scenario example
- Merging zones
- Configuring LSAN zones — device sharing example
- Configuring Fibre Channel Ports
- Fibre Channel ports overview
- Connecting to a FC Fabric through an FC Router
- Fibre Channel port configuration
- Using Access Gateway
- Access Gateway basic concepts
- Enabling Access Gateway mode
- Disabling Access Gateway mode
- Display Access Gateway configuration data
- VF_Port to N_Port mapping
- Port Grouping policy
- N_Port monitoring for unreliable links
- Using System Monitor and Threshold Monitor
- System Monitor overview
- Configuring System Monitor
- Threshold Monitor overview
- Configuring Threshold Monitor
- Using VMware vCenter
- Configuring Remote Monitoring
- Section II: Network OS Security Configuration
- Managing User Accounts
- Configuring External Server Authentication
- Understanding and configuring remote server authentication
- Understanding and configuring RADIUS
- Understanding and configuring TACACS+
- TACACS+ authorization
- TACACS+ authentication through management interfaces
- Supported TACACS+ packages and protocols
- TACACS+ configuration components
- Configuring the client for TACACS+ support
- Configuring TACACS+ accounting on the client side
- Configuring TACACS+ on the server side
- Configuring TACACS+ for a mixed vendor environment
- Understanding and configuring LDAP
- User authentication
- Server authentication
- Server authorization
- FIPS compliance
- Configuring LDAP
- Importing an LDAP CA certificate
- Deleting LDAP CA certificates
- Configuring an Active Directory server on the client side
- Adding an LDAP server to the client server list
- Changing LDAP server parameters
- Removing an LDAP server
- Importing an LDAP CA certificate
- Deleting an LDAP CA certificate
- Verifying LDAP CA certificates
- Viewing the LDAP CA certificate
- Importing a syslog CA certificate
- Deleting a syslog CA certificate
- Verifying syslog CA certificates
- Viewing the syslog CA certificate
- Configuring Active Directory groups on the client side
- Clearing sessions on the client side
- Configuring an Active Directory server on the client side
- Configuring Fabric Authentication
- Fabric authentication overview
- Understanding fabric authentication
- Configuring SSH server key exchange
- Configuring an authentication policy
- Configuring DH-CHAP shared secrets
- Setting up secret keys
- Setting the authentication policy parameters
- Activating the authentication policy
- Configuring a Brocade VDX 6730 to access a SAN fabric
- Configuring defined and active SCC policy sets
- Configuring port security
- Section III: Network OS Layer 2 Switch Features
- Administering Edge-Loop Detection
- Configuring AMPP
- Configuring FCoE interfaces
- Configuring 802.1Q VLANs
- 802.1Q VLAN overview
- Configuring and managing 802.1Q VLANs
- Understanding the default VLAN configuration
- Configuring interfaces to support VLANs
- Enabling and disabling an interface port
- Configuring the MTU on an interface port
- Creating a VLAN
- Enabling STP on a VLAN
- Disabling STP on a VLAN
- Configuring an interface port as a Layer 2 switch port
- Configuring an interface port as an access interface
- Configuring an interface port as a trunk interface
- Disabling a VLAN on a trunk interface
- Configuring protocol-based VLAN classifier rules
- Displaying VLAN information
- Configuring the MAC address table
- Private VLANs
- Configuring a VXLAN Gateway
- Configuring Virtual Fabrics
- Virtual Fabrics overview
- Virtual Fabrics features
- Virtual Fabrics considerations and limitations
- Virtual Fabrics upgrade and downgrade considerations
- Virtual Fabrics operations
- Virtual Fabrics configuration overview
- Configuring and managing Virtual Fabrics
- Configuring a service VF instance
- Configuring a transport VF instance
- Configuring VF classification to a trunk interface
- Configuring transport VF classification to a trunk interface
- Creating a default VLAN with a transport VF to a trunk interface
- Configuring a native VLAN in regular VLAN trunk mode
- Configuring a native VLAN in no-default-native-VLAN trunk mode
- Configuring additional Layer 2 service VF features
- Upgrading and downgrading firmware with Virtual Fabrics
- Troubleshooting Virtual Fabrics
- Virtual Fabrics overview
- Configuring STP-Type Protocols
- STP overview
- Configuring and managing STP and STP variants
- Understanding the default STP configuration
- Saving configuration changes
- Configuring basic STP
- Configuring RSTP
- Configuring MSTP
- Configuring PVST+ or R-PVST+
- Enabling STP, RSTP, MSTP, PVST+ or R-PVST+
- Disabling STP, RSTP, MSTP, PVST+, or R-PVST+
- Shutting down STP, RSTP, MSTP, PVST+, or R-PVST+ globally
- Specifying bridge parameters
- Configuring STP timers
- Specifying the port-channel path cost
- Specifying the transmit hold count (RSTP, MSTP, and R-PVST+)
- Clearing spanning tree counters
- Clearing spanning tree-detected protocols
- Displaying STP, RSTP, MSTP, PVST+, or R-PVST+ information
- Configuring STP, RSTP, or MSTP on DCB interface ports
- Enabling automatic edge detection (DCB)
- Configuring the path cost (DCB)
- Enabling a port (interface) as an edge port (DCB)
- Enabling guard root (DCB)
- Specifying the STP hello time (DCB)
- Specifying restrictions for an MSTP instance (DCB)
- Specifying a link type (DCB)
- Enabling port fast (DCB)
- Specifying the port priority (DCB)
- Restricting the port from becoming a root port (DCB)
- Restricting the topology change notification (DCB)
- Enabling and disabling STP (DCB)
- Configuring DiST
- Configuring UDLD
- Configuring Link Aggregation
- Link aggregation overview
- Link aggregation setup
- vLAG configuration overview
- Configuring load balancing on a remote RBridge
- Configuring and managing LACP
- Understanding the default LACP configuration
- Enabling LACP on a DCB interface
- Configuring the LACP system priority
- Configuring the LACP timeout period on a DCB interface
- Clearing LACP counter statistics on a LAG
- Clearing LACP counter statistics on all LAG groups
- Displaying LACP information
- Troubleshooting LACP
- Configuring LLDP
- LLDP overview
- Configuring and managing LLDP
- Understanding the default LLDP
- Enabling LLDP globally
- Disabling LLDP globally
- Resetting LLDP globally
- Configuring LLDP global command options
- Specifying a system name for the Brocade VDX hardware
- Specifying an LLDP system description for the Brocade VDX hardware
- Specifying a user description for LLDP
- Enabling and disabling the receiving and transmitting of LLDP frames
- Configuring the transmit frequency of LLDP frames
- Configuring the hold time for receiving devices
- Advertising the optional LLDP TLVs
- Configuring the advertisement of LLDP DCBX-related TLVs
- Configuring LLDP profiles
- Configuring iSCSI priority
- Configuring the iSCSI profile
- Configuring LLDP interface-level command options
- Displaying LLDP-related information
- Clearing LLDP-related information
- Configuring ACLs
- ACL overview
- Configuring and managing ACLs
- Understanding ACL configuration guidelines and restrictions
- Creating a standard MAC ACL and adding rules
- Creating an extended MAC ACL and adding rules
- Applying a MAC ACL to a DCB interface
- Applying a MAC ACL to a VLAN interface
- Modifying MAC ACL rules
- Removing a MAC ACL
- Reordering the sequence numbers in a MAC ACL
- Creating a standard IP ACL
- Creating an extended IP ACL
- Applying an IP ACL to a management interface
- Binding an ACL in standalone mode or fabric cluster mode
- Displaying the IP ACL configuration
- Configuring QoS
- QoS overview
- Configuring QoS
- Configuring QoS fundamentals
- Configuring traffic class mapping
- Configuring congestion control
- Configuring rate limiting
- Configuring BUM storm control
- Configuring scheduling
- Configuring DCB QoS
- Configuring Brocade VCS Fabric QoS
- Configuring policer functions
- Configuring port-based policer functions
- Configuring a policer class map
- Configuring a policer priority-map
- Configuring the policer policy-map
- Attaching the mutation to the class
- Attaching the port-shaper to the class
- Attaching the scheduler to the class
- Attaching the priority mapping table to the CEE map
- Binding the policy-map to an interface
- Displaying policing settings and policy-maps
- Auto QoS
- Auto QoS configuration guidelines
- Auto QoS restrictions
- Enabling Auto QoS for NAS
- Disabling Auto QoS for NAS
- Displaying Auto-NAS configurations
- Specifying NAS server IP addresses for Auto QoS
- Removing NAS server IP addresses for Auto QoS
- Displaying NAS server IP addresses
- Displaying NAS server statistics
- Clearing NAS server statistics
- Configuring 802.1x Port Authentication
- 802.1x protocol overview
- Configuring 802.1x authentication
- Understanding 802.1x configuration guidelines and restrictions
- Configuring authentication
- Configuring interface-specific administrative features for 802.1x
- Enabling an 802.1x readiness check
- Configuring 802.1x port authentication on specific interface ports
- Configuring 802.1x timeouts on specific interface ports
- Configuring 802.1x port reauthentication on specific interface ports
- Configuring 802.1x port-control on specific interface ports
- Reauthenticating specific interface ports
- Disabling 802.1x on specific interface ports
- Disabling 802.1x globally
- Checking 802.1x configurations
- Configuring sFlow
- Configuring Switched Port Analyzer
- Configuring SFP Breakout Mode
- Section IV: Network OS Layer 3 Routing Features
- Configuring In-Band Management
- IP Route Policy
- Configuring IP Route Management
- Configuring PBR
- Configuring PIM
- Configuring OSPF
- OSPF overview
- Configuring OSPF
- Configuring VRRP
- VRRP overview
- Configuring VRRP
- Virtual Routing and Forwarding configuration
- Configuring BGP
- BGP overview
- Understanding BGP configuration fundamentals
- Configuring BGP
- Device ID
- Local AS number
- IPv4 unicast address family
- BGP global mode
- Neighbor configuration
- Peer groups
- Four-byte AS numbers
- Route redistribution
- Advertised networks
- Static networks
- Route reflection
- Route flap dampening
- Default route origination
- Multipath load sharing
- Configuring the default route as a valid next-hop
- Next-hop recursion
- Route filtering
- Timers
- Using route maps
- Configuring BGP
- Adjusting defaults to improve routing performance
- Using route maps with match and set statements
- Matching on an AS-path ACL
- Matching on a community ACL
- Matching on a destination network
- Matching on a next-hop device
- Matching on a route source
- Matching on routes containing a specific set of communities
- Matching on a BGP4 static network
- Matching on an interface
- Setting a BGP4 route MED to equal the next-hop route IGP metric
- Setting the next-hop of a BGP4 route
- Deleting a community from a BGP4 route
- Using route-map continue statements
- Using a route map to configure dampening
- Clearing configurations
- Configuring IGMP
- Configuring IP DHCP Relay
- DHCP protocol
- IP DHCP Relay function
- Brocade IP DHCP Relay overview
- Configuring IP DHCP Relay
- Displaying IP DHCP Relay addresses for an interface
- Displaying IP DHCP Relay addresses on specific switches
- Displaying IP DHCP Relay statistics
- Clearing IP DHCP Relay statistics
- VRF support
- High availability support
- Section V: Network OS Troubleshooting
- Using the Chassis ID (CID) Recovery Tool
- Troubleshooting procedures
- Troubleshooting overview
- Gathering troubleshooting information
- Using a troubleshooting methodology
- Understanding troubleshooting hotspots
- Licensing
- STP interoperability with Brocade MLX or other switches
- Load balancing distribution
- Static assignment of the routing bridge ID
- FSPF route change
- VCS Fabric mode and standalone mode
- vLAG overview
- vLAG and split-brain
- Principal routing bridge availability
- Brocade trunks
- NIC teaming with vLAG
- Selecting the MTU
- Avoiding oversubscription
- ACL limits issues
- Troubleshooting standard issues
- AMPP is not working
- Verifying the port-profile configuration
- Verifying the VM MAC address
- Verifying the port-profile state
- Verifying the VM kernel MAC addresses
- Verifying a shared storage device
- Verifying the status of a learned profiled MAC address
- Verifying that port profiles do not conflict
- Verifying the Ethernet Name Server
- Verifying an ESX host
- Panic reboots are continuous
- CID card is corrupted
- CPU use is unexpectedly high
- ECMP not load balancing as expected
- ENS not working correctly
- FCoE devices unable to log in
- Traffic is not being forwarded
- ISL does not come up on some ports
- License is not properly installed
- Packets are dropped in hardware
- Recovering the root password by using the root account
- Obtaining the Boot PROM recovery password
- Clearing the Boot PROM password
- Need to recover password for Brocade VDX 8770 or VDX 67xx
- Ping fails
- QoS configuration causes tail drops
- QoS is not marking or treating packets correctly
- RBridge ID is duplicated
- SNMP MIBs report incorrect values
- SNMP traps are missing
- Telnet operation into the switch fails
- Trunk member not used
- Upgrade fails
- VCS Fabric cannot be formed
- vLAG cannot be formed
- Zoning conflict needs resolution
- Zone does not form correctly
- AMPP is not working
- Using troubleshooting and diagnostic tools
- Troubleshooting overview
- TACACS+ Accounting Exceptions
- Supported NTP Regions and Time Zones
- Index