53-1001117-02 15 October 2011 Brocade Encryption Switch Hardware Reference Manual Supporting Fabric OS v6.1.
Copyright © 2008, 2011 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, NetIron, SAN Health, ServerIron, and TurboIron are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, CloudPlex, MLX, VCS, VDX, and When the Mission Is Critical, the Network Is Brocade are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
Brocade Encryption Switch Hardware Reference Manual 53-1001117-02 iii
iv Brocade Encryption Switch Hardware Reference Manual 53-1001117-02
Contents About this document Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x Text Formatting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring the switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Connecting a serial cable between switch and host . . . . . . . . . 15 Logging in to the serial console port . . . . . . . . . . . . . . . . . . . . . 15 Setting the IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Logging off the serial console port and disconnecting the serial cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Regulatory compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Power-cord notice. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Power-cord notice (Japan, Denan) . . . . . . . . . . . . . . . . . . . . . . . 35 FCC warning (US only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 KCC statement (Republic of Korea) . . . . . . . . . . . . . . . . . . . . . . 36 VCCI statement (Japan) . . . . . . . . . . . . . . . . . . . . . .
viii Brocade Encryption Switch Hardware Reference Manual 53-1001117-02
About this document Introduction This document is written for systems administrators and technicians experienced with Fibre Channel and storage area network (SAN) technologies. It provides an overview of the Brocade Encryption Switch and its installation, configuration, and operation procedures. This introductory section presents this general information: • How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix • What’s new in this document . . . . . . . .
Document conventions This section describes text formatting conventions.
Additional information This section lists additional Brocade and industry-specific documentation that you might find helpful. Brocade resources To get up-to-the-minute information, join Brocade Connect. It’s free! Go to http://www.brocade.com and click Brocade Connect to register at no cost for a user ID and password. For practical discussions about SAN design, implementation, and maintenance, you can obtain Building SANs with Brocade Fabric Switches through: http://www.amazon.
Getting technical help Contact your switch supplier for hardware, firmware, and software support, including product repairs and part ordering. To expedite your call, have the following information available: 1.
Attention notices An attention notice indicates the possibility of damage to a program, device, or system, or to data. This is a sample of an attention notice: ATTENTION Do not bend a fiber cable to a radius less than 5 cm (2 in.); you can damage the cable. Tie wraps are not recommended for optical cables because they can be easily overtightened, causing damage to the cable.
xiv Brocade Encryption Switch Hardware Reference Manual 53-1001117-02
Chapter 1 Introducing the Brocade Encryption Switch In this chapter This chapter introduces the Brocade Encryption Switch and includes these topics. • Introducing the Brocade Encryption Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . • Port side of the switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Non-port side of the switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Field-replaceable units (FRUs) . . . .
1 • Integrated with industry leading key management systems, including Lifetime Key Management (LKM) and RSA Key Manager (RKM). • Full 1:1 subscription on all 32 ports at 8 Gbps. • HA cluster, Data Encryption Key (DEK) cluster, and Encryption Group (EG) to enable transparent failover, host MPIO failover, and centralized management of multiple encryption switches. • Support for automatic expiry or CLI manual based re-keying. • Compliance with encryption standards: AES256-XTS 1619.
1 • “Pay as you go” port and performance scalability through an Encryption Performance Upgrade License. The base configuration provides 34 Gbps of encryption bandwidth. Each Encryption Performance Upgrade License activates an additional 34 Gbps bandwidth. Each switch accepts two encryption-performance upgrades for a total of 102 Gbps of encryption bandwidth. The front-end user ports in the basic, first, and second levels of encryption bandwidth remain as 32 ports at 8 Gbps Fibre Channel.
1 Port Numbering The Fibre Channel ports on the switch are numbered from 0 to 31 (Figure 2). FIGURE 2 Port numbering Non-port side of the switch The non-port side of the switch (Figure 3) includes the two redundant power supply FRUs, three redundant fan assembly FRUs, and their status LEDs.
1 Field-replaceable units (FRUs) The switch has two power supply (Figure 4) and three fan assembly (Figure 5) FRUs that are redundant and hot swappable. The FRUs are capable of functioning universally (100 - 240 VAC input range) without voltage jumpers or switches. The power supply FRUs are identical and interchangeable; the fan assembly FRUs are also identical and interchangeable. In addition, the switch chassis itself is a FRU (Figure 6).
1 1 Captive screw 2 Fan status LED FIGURE 5 6 Fan assembly Brocade Encryption Switch Hardware Reference Manual 53-1001117-02
1 FIGURE 6 Switch chassis Brocade Encryption Switch Hardware Reference Manual 53-1001117-02 7
1 8 Brocade Encryption Switch Hardware Reference Manual 53-1001117-02
Chapter Installing and configuring the switch 2 In this chapter This chapter provides information on setting up and performing an initial configuration of the Brocade Encryption Switch. • Time and items required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 • Site preparation and installation guidelines . . . . . . . . . . . . . . . . . . . . . . . . . 11 • Items included with the switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2 Table 1 describes the main installation and setup tasks and the estimated time required for each task. These time estimates assume a prepared installation site and appropriate power and network connectivity.
2 Site preparation and installation guidelines The following steps are required to ensure correct installation and operation. 1. Provide a space that is 2 rack units (2U) high. 1U is equal to 4.45 cm (1.75 in.). 2. Plan to install the switch with the nonport side facing the air-intake aisle. The switch can be installed facing either direction, if serviceability and cooling requirements are met. Ensure that: • A minimum of 53 cubic feet per minute (90.
2 Items included with the switch The following items are included with the standard shipment of the switch. • The Brocade Encryption Switch, containing two power supplies and three fan assemblies • One accessory kit containing: • Serial cable with an RJ-45 connector. • Two 6 ft.
2 Configuring the switch To configure the switch, perform the following tasks. Figure 7 illustrates the flow of these configuration tasks. • Connecting a serial cable between switch and host. . . . . . . . . . . . . . . . . . . • Logging in to the serial console port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Setting the IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2 FIGURE 7 14 Switch configuration Brocade Encryption Switch Hardware Reference Manual 53-1001117-02
2 Connecting a serial cable between switch and host Follow these steps to connect a serial cable. 1. Remove the plug from the serial port and connect the serial cable provided with the switch. 2. Connect the cable to an RS-232 serial port on the workstation. If the serial port on the workstation is RJ-45 instead of RS-232, remove the adapter on the end of the serial cable and insert the exposed RJ-45 connector into the RJ-45 serial port on the workstation. 3.
2 Setting the IP address Configure the switch with a static IP address. Setting a static IP address 1. Log into the switch using the default password, which is password. 2. Use the ipaddrset command to set the Ethernet IP address. Enter the IP address in dotted decimal notation as prompted. Ethernet IP Address: 192.168.74.102 3. Complete the rest of the network information as prompted. Ethernet Subnetmask: 255.255.255.0 Ethernet IP Address: 192.168.74.102 Ethernet Subnetmask: 255.255.255.0 4.
2 • If the switch is not powered on until after it is connected to the fabric and the default domain ID is already in use, the domain ID for the new switch is automatically reset to a unique value. • If the switch is connected to the fabric after it has been powered on and the default domain ID is already in use, the fabric segments. To find the domain IDs that are currently in use, run the fabricShow command on another switch in the fabric. a. Disable the switch by entering the switchDisable command. b.
2 Setting the time zone To set the time zone, follow these steps. 1. If necessary, log on to the switch by Telnet, using the admin account. 2. Enter the tsTimeZone command as follows: switch:admin> tstimezone [--interactive]/ [, timezone_fmt] Use timezone_fmt to set the time zone by Country/City or by time zone ID, such as MST. The following example shows how to change the time zone to US/Mountain.
2 switch:admin> tsclockserver 132.163.135.131 switch:admin> The following example shows how to set up more than one NTP server using a DNS name: switch:admin> tsclockserver "10.32.170.1;10.32.170.2;ntp.localdomain.net" Updating Clock Server configuration...done.
2 FIGURE 8 Installing an SFP into an upper port 4. Connect the cables to the transceivers. The cables used in trunking groups must meet specific requirements. For a list of these requirements, see the Fabric OS Administrator’s Guide. NOTE The cable connectors are keyed to ensure correct orientation. If a cable does not install easily, ensure that it is correctly oriented. a. Orient a cable connector so that the key (the ridge on one side of the connector) aligns with the slot in the transceiver.
2 Managing cables ATTENTION The minimum bend radius for a 50 micron cable is 2 in. under full tensile load and 1.2 in. with no tensile load. Cables can be organized and managed in a variety of ways: for example, using cable channels on the sides of the cabinet or patch panels to minimize cable management. Following is a list of recommendations: • Plan for rack space required for cable management before installing the switch. • Leave at least 3.28 ft (1 m) of slack for each port cable.
2 • • • • Configuring the global parameters and policies of the encryption group Generating and backing up the master key in RSA environments Handling key-vault high-availability Configuring cluster interconnect After completing the pre-initialization tasks, you may need to perform several tasks related to configuring the encryption group. Figure 9 summarizes the flow of the encryption-configuration tasks.
Chapter 3 Maintaining the switch In this chapter This chapter provides information about operating and maintaining the switch and includes these topics. • Interpreting LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Interpreting POST results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Diagnostic testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3 . 1 2 3 4 5 6 7 System status LED (amber) System power LED (green) GE (cluster Ethernet) link LED (green) GE (cluster Ethernet) activity LED (green) Ethernet link LED (green) Ethernet activity LED (green) Port status LED (green/amber, shown for port 5) FIGURE 10 Port-side LEDs LEDs on the nonport side of the switch The nonport side of the switch has the following LEDs (Figure 11): • One power supply status LED • One fan status LED.
3 LED functions Table 2 describes the switch and FRU LEDs and their function. TABLE 2 Switch and FRU LEDs LED Name LED Color Status of Hardware Recommended Action System status (Attention) No light System is on and functioning properly. No action required. Steady amber (for more than five seconds) Indicates one of the following: Fan FRU or power supply FRU is faulty. • Boot failed. • System is faulty. NOTE: This LED displays steady amber during POST, this is normal and does not indicate a fault.
3 TABLE 2 26 Switch and FRU LEDs (Continued) LED Name LED Color Status of Hardware Recommended Action Port status No light Indicates one of the following: No signal or light carrier (media or cable) detected. • The switch may be initializing. • Connected device is configured in an offline state. Try the following: • Verify the power LED is on, and check the SFP and cable. • Verify the switch is initializing. • Verify the status of the connected device.
3 TABLE 2 Switch and FRU LEDs (Continued) LED Name LED Color Power supply status No light Fan status Status of Hardware Recommended Action Indicates one of the following: Power supply FRU is switched off. • Power supply FRU is not seated correctly. • Power cord is disconnected. • Power cord is not actively powered. • The power supply FRU has failed. Try the following: • Verify that the power supply FRU is powered on. • Verify that the power supply FRU is seated correctly.
3 Interpreting POST results POST is a system check that is performed each time the switch is powered on, rebooted, or reset, and during which the LEDs flash different colors. Total boot time with POST is up to 3 minutes. NOTE While not recommended, POST can be omitted after subsequent reboots by using the fastboot command or entering the diagDisablePost command to persistently disable POST. For more information about these commands, refer to the Fabric OS Command Reference.
3 Diagnostic testing In addition to POST, the Fabric OS includes diagnostic tests to troubleshoot the hardware and firmware. This includes tests of internal connections and circuitry, fixed media, and the transceivers and cables. The tests are implemented by command, either through a Telnet session or through a terminal set up for a serial connection to the switch.
3 Fan assembly The three fan assemblies are hot-swappable if replaced one at a time. They are identical and fit into any fan slot. Fabric OS identifies the fan assemblies as follows (viewing the switch from the port side): • Fan assembly 1 is on the left. • Fan assembly 2 is in the center. • Fan assembly 3 is on the right. To determine if a fan assembly requires replacing, do any of the following: • Check the system status LED (Figure 11).
Appendix A Specifications In this appendix This appendix provides the specifications, requirements, and compliances for the Brocade Encryption Switch and includes this information. • General specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Size and weight . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A TABLE 1 General specifications (Continued) Specification Description Certified maximum 6000 active nodes; combination of 56 switches, 19 hops; larger fabrics certified as required. ISL trunking Frame-based trunking with up to eight 8 Gbps ports per ISL trunk; up to 64 Gbps per ISL trunk. Aggregate bandwidth 512 Gbps per switch for non-encrypted traffic. Maximum frame size 2112-byte payload for FC. Classes of service Class 2 (non-encrypted traffic), Class 3, Class F (inter-switch frames).
A Size and weight Table 3 lists the dimensions and weight of the switch. TABLE 3 Physical specifications Dimension Value Height 2U = 86 mm (3.34 inches) Depth 635 mm (25 inches) Width 429 mm (16.88 inches) Weight (with two power supplies; no SFPs) 22.4 kg (49.4 lbs) Environmental requirements Table 4 lists the acceptable environmental ranges for operating and nonoperating (such as during transportation or storage) conditions.
A Power specifications The power supplies are universal and capable of functioning worldwide without voltage jumpers or switches. They meet IEC 61000-4-5 surge voltage requirements and are autoranging in terms of accommodating input voltages and line frequencies. Each power supply has a built-in fan for cooling, pushing air towards the port side of the switch. Table 5 lists the power specifications for the switch.
A Regulatory compliance This section describes the regulatory compliance requirements for the Brocade Encryption Switch. • • • • • • • • • • “Power-cord notice” “Power-cord notice (Japan, Denan)” “FCC warning (US only)” “KCC statement (Republic of Korea)” “VCCI statement (Japan)” “BSMI statement (Taiwan)” “CE statement” “Canadian requirements” “Laser compliance” “Regulatory compliance standards” Power-cord notice CAUTION This switch might have more than one power cord.
A FCC warning (US only) This equipment has been tested and complies with the limits for a Class A computing device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instruction manual, might cause harmful interference to radio communications.
A CE statement NOTE This is a Class A product. In a domestic environment, this product might cause radio interference, and the user might be required to take corrective measures.
A Regulatory compliance standards Table 7 lists the regulatory compliance standards for which the Brocade Encryption Switch is certified. TABLE 7 Regulatory compliance standards Country Standards Agency Certifications and Markings Safety EMC Safety EMC United States Bi-Nat UL/CSA 60950-1 1st Ed or latest ANSI C63.
A Environmental regulation compliance This section describes the China RoHS environmental regulatory compliance requirements for the switch. China RoHS The contents included in this section are per the requirements of the People's Republic of ChinaManagement Methods for Controlling Pollution by Electronic Information products.
A China RoHS hazardous substances/toxic substances (HS/TS) concentration chart In accordance with China's Management Measures on the Control of Pollution caused by Electronic Information products (Decree No. 39 by the Ministry of Information Industry), the following information is provided regarding the names and concentration level of hazardous substances (HS) which may be contained in this product.
A Brocade Encryption Switch Hardware Reference Manual 53-1001117-02 41
A 42 Brocade Encryption Switch Hardware Reference Manual 53-1001117-02
Index A accessory kit, 12 airflow, 11, 33 altitude, 33 attention notices, xiii B Brocade Encryption Switch See switch BSMI statement (Taiwan), 36 C cables, attach, 19 Canadian requirements, 37 CE statement, 37 China RoHS, 39 compliance environmental regulation, 39 regulatory, 35, 38 configuration backup, 19 verify, 19 configure encryption, 21 switch, 13, 43 conventions, document, x D data transmission, ranges, 34 date and time, setting, 17 diagnostic tests, 29 diagnostics, 2 Brocade Encryption Switch H
FRU chassis, 5 checking, 29 fan assembly, 2, 5 power supply, 2, 5 SFP, 2, 19 H heat dissipation, 33 help, technical, xii humidity, 33 I installation guidelines, 11 items required, 9, 11 rack mount, 9 SFP, 19 stand-alone, 12 tasks, 10 time required, 9 Integrated Routing Fabric Service, 2 IP address, 16 ISL trunking, 2 J Japan, Denan, 35 K KCC statement, 36 KCC statement (Republic of Korea), 36 key management, 2 M management CLI, 1 DCFM, 1 switch, 32 MIC statement (Republic of Korea), 36 N notices, atte
serial number, switch, xii SFP, 2, 19 shock, 33 site planning, 11 smart card, 2 specifications, general, 31 standards encryption, 2 regulatory compliance, 38 support, NPIV, 2 switch chassis, 5 configure, 13, 43 connect to, 15 date and time, 17 domain ID, 16 encryption, 21 encryption bandwidth, 3 Encryption Performance Upgrade License, 3 environmental requirements, 33 ethernet connection, 16 installation tasks, 10 IP address, 16 LEDs, nonport side, 24 LEDs, port side, 23 management, 1, 32 power off, 21 power
46 Brocade Encryption Switch Hardware Reference Manual 53-1001117-02
