Brocade Switches, ISE compatibility

I have a customer with ISE just updated to version 1.3.0. Reading the Network Component Compatibility notes, we found that some kind of compatibility with Brocade switches is indicated, basically AAA (802.1X, MAB, VLAN assignment, dACL), and some limited profiling support.
I wonder if a more detailed document from Cisco (or Brocade) may exist. My customer has a release higher than the one indicated in the document, but another platform. So, we would like to know some tips in order to run tests and define what can be expected.
Can we request support from TAC or SACISE?
Regards.

I have done one ISE deployment where Brocade switches were involved and only basic 802.1x and MAB based authentications were working. The biggest problem / setback was the fact that Brocade did not support CoA. As Charles mentioned CoA drives most of the cool features behind ISE. 
Now this was almost two years ago so things seem to have changed. Doing a basic Google search for Brocade and CoA took me to the following link that would suggest that this feature is now supported:
http://www.brocade.com/downloads/documents/html_product_manuals/FI_08020_CMDREF/GUID-55FA138E-52C0-41A0-B83C-F39F128D347E.html
With that being said, you should confirm this with Brocade. More specifically, I would ask them exactly which Brocade platforms support CoA and if they have any Whitepapers/technical docs for the integration with ISE. 
I hope this helps!
Thank you for rating helpful posts!

Similar Messages

  • Fabric with two Nexus-5548 and a brocade switch does not get fabric updates

    We have a fabric containing two Nexus 5548 and a Brocade 5000 switch in interop mode 2. When I make changes to the zoning, the first Nexus (the fabric principal) and the Brocade switch see the zone changes. The second Nexus switch does not see it. There are no error messages but the change just can't be seen. What can I do to find out what goes wrong?

    Ouch, deprecated is not the word I wanted to read
    We are using 5.1(3)N1(1a) on nexus-rz1-a
    and 6.0(2)N1(2) on nexus-rz2-a.
    The fabric can be seen :
    nexus-rz2-a# show fcs ie vsan 10
    IE List for VSAN: 10
    IE-WWN                   IE     Mgmt-Id  Mgmt-Addr (Switch-name)
    10:00:00:05:1e:90:57:27  S(Rem) 0xfffc01 10.88.133.110 (bc-san1)
    20:0a:00:2a:6a:72:ba:01  S(Loc) 0xfffc1c 10.88.133.105 (nexus-rz2-a)
    20:0a:54:7f:ee:7f:dc:01  S(Adj) 0xfffc0b 10.88.133.100 (nexus-rz1-a)
    [Total 3 IEs in Fabric]
    nexus-rz1-a# show fcs ie vsan 10
    IE List for VSAN: 10
    IE-WWN                   IE     Mgmt-Id  Mgmt-Addr (Switch-name)
    10:00:00:05:1e:90:57:27  S(Adj) 0xfffc01 10.88.133.110 (bc-san1)
    20:0a:00:2a:6a:72:ba:01  S(Adj) 0xfffc1c 10.88.133.105 (nexus-rz2-a)
    20:0a:54:7f:ee:7f:dc:01  S(Loc) 0xfffc0b 10.88.133.100 (nexus-rz1-a)
    [Total 3 IEs in Fabric]
    I try to distribute the zoneset this way:
    zoneset distribute vsan 10
    Zoneset distribution initiated. check zone status
    nexus-rz1-a# show zone status
    VSAN: 10 default-zone: deny distribute: full Interop: 2
        mode: basic merge-control: allow
        session: none
        hard-zoning: enabled broadcast: disabled
    Default zone:
        qos: none broadcast: disabled ronly: unsupported
    Full Zoning Database :
        DB size: 6291 bytes
        Zonesets:1  Zones:62 Aliases: 44
    Active Zoning Database :
        DB size: 10243 bytes
        Name: FABRIC1  Zonesets:1  Zones:60
    Status: Zoneset distribution completed at 08:06:00 UTC Dec  3 2013
    nexus-rz2-a# show zone status
    VSAN: 1 default-zone: deny distribute: active only Interop: default
        mode: basic merge-control: allow
        session: none
        hard-zoning: enabled broadcast: disabled
    Default zone:
        qos: none broadcast: disabled ronly: unsupported
    Full Zoning Database :
        DB size: 4 bytes
        Zonesets:0  Zones:0 Aliases: 0
    Active Zoning Database :
        Database Not Available
    Status:
    VSAN: 10 default-zone: deny distribute: full Interop: 2
        mode: basic merge-control: allow
        session: none
        hard-zoning: enabled broadcast: disabled
    Default zone:
        qos: none broadcast: disabled ronly: unsupported
    Full Zoning Database :
        DB size: 6291 bytes
        Zonesets:1  Zones:62 Aliases: 44
    Active Zoning Database :
        DB size: 10243 bytes
        Name: FABRIC1  Zonesets:1  Zones:60
    Status: Activation completed at 13:03:42 UTC Dec  2 2013

  • ISE Compatibility with WLC 5760

    The ISE compatibility Matrix (June 5, 2013), does have a row for WLC 5760 in its tables.
    The WLC 5760 Release Notes says it is compatible with ISE without specifying which features.
    Why is the WLC 5760 missing from the ISE Compat Matrix and how can I get specific ISE feature support (ie CoA, DACL).
    Thanks.         

    Hello Marvin,
    ISE 1.2 is in road map and it will be available till July 17, 2013 and that will support WLC 5760 and all the features which you are looking.

  • DHCP Relay using Brocade Switches

    Hi
    I have a large project with 3 UCM cluster with unity cluster and UCCX
    The network is a Brocade switch environment,
    The Core is using OSPF and distribution is Layer 2.
    I have configured the Cluster with a dedicated DHCP and TFTP service.
    DHCP relay is not working, but when I configure one of the phones with a static IP address it registers and I have full functionality
    When I connect my server directly to the core, which is not the design, then the DHCP relay works and I get an IP address, but when I traverse the layer 2 then I do not get an address.
    In the same topology I connected a Windows DHCP server on the same VLAN as my UCM cluster and changed the relay address to point to the Windows DHCP, then I do get an address.
    In an additional test I configured the same setup on Cisco switches, then the relay works great.
    If anyone has seen or knows of any bug regarding DHCP relay I would be grateful for info
    Thanks
    Lance

    Hi Experts,
    I forgot to mention that I was reading an interesting document on the Cisco website, "network virtualization design guide", and they clearly mentioned the below:
    """VRF-awareness for DHCP-relay functionality is currently not supported on any Catalyst platform, but it is required only for supporting overlapping IP addresses"""
    So I would like to ask you if you have any workaround to be done in such deployments
    Thank you in advance
    Samer Labaky
    CCIE # 24675

  • 5428-2 , brocade switches and ql2200 with fcip

    I keep on getting these messages when I connect a Qlogic ql2200 adapter to 5428 that's using FCIP between two SAN's that are using Brocade 3800 switches:
    Mar 13 08:21:06: %FC-5-PortOperChange: PortOperChange;2959;0;0;1
    I assume that I don't have the 5428 set up correctly for the ql2200 and I understand that there's a Cisco white paper describing how to set up the 5428 for interoperability with the Brocade switches and adapters. Could I please get a copy? Thanks

    I'm trying the very basics. I disconnected the GE ports from each 5428. I cleared the configuration on one of the 5428's with the "clear conf" command. I then set up the basic information and did a "setup". I plug the fibre cable from the ql2200 into fibre channel port 1. Here's what I get when I run the nameserver command:
    [sm542802]# show fcswitch nameserver all
    0 entries found
    [sm542802]#
    So my problem is that the qlogic adapter is just not seen by the 5428 when I use the default settings.
    If I set the 5428 fc1 port to 1Gb/sec, then I get the following messages...
    Mar 15 17:14:22: %FC-5-PortOperChange: PortOperChange;670;0;0;1
    Mar 15 17:14:24: %FC-5-PortOperChange: PortOperChange;671;0;0;1
    Mar 15 17:14:26: %FC-5-PortOperChange: PortOperChange;672;0;0;1
    Mar 15 17:14:28: %FC-5-PortOperChange: PortOperChange;673;0;0;1
    Mar 15 17:14:30: %FC-5-PortOperChange: PortOperChange;674;0;0;1
    Mar 15 17:14:32: %FC-5-PortOperChange: PortOperChange;675;0;0;1
    Mar 15 17:14:34: %FC-5-PortOperChange: PortOperChange;676;0;0;1
    Mar 15 17:14:36: %FC-5-PortOperChange: PortOperChange;677;0;0;1
    Mar 15 17:14:45: %FC-5-PortOperChange: PortOperChange;678;0;0;1

  • ACS and brocade switch support!!!!

    Hi Experts,
    I have two queries:-
    1) Does the Brocade switch support ACS?
    2) I am trying to configure a Brocade switch to get RADIUS authentication on an ACS server. But I get the user right and not an admin right?
    Can you please tell me how I assign the admin right for the Brocade switch?
    Thanks in advance.
    Regards
    Neha.

    Hi,
    Follow these instructions even if the ACS is already running in detailed logging mode. This will ensure that all the proper service startup information is included in the package.cab file.
    System Configuration --> Service Control --> Level of detail - Full At this point, we need to duplicate the issue.
    Do whatever is causing the problem, or wait for the problem to occur again if it's not triggered by a direct sequence of events. Once that's done, we need to gather the verbose logs created. To do so, follow the instructions below AFTER the problem has been recreated and recorded:
    System Configuration --> Support -->Enable generate logs and Collect last x day logs and Collect Log Files
    Run Support Now. Please save this file and unzip it. You will see a file called rds.log
    This file contains all of the log information from ACS.
    Regards

  • Connecting a 3500 through a Brocade Switch to Hitachi SAN

    I have an E3500 with an x6730A fiber card attached to a Brocade Switch and that switch to a Hitachi SAN. I wanted to find out where I need to start? I can see that the E3500 recognizes the HBA card, but I am unsure as to where to go from here. Do I need to get Veritas FS or can I create volumes through Solstice? Any advice would be appreciated. I have all 3 components configured separately but have never connected any of them together.
    # ls -la /dev/cfg
    total 18
    drwxr-xr-x 2 root root 512 Mar 1 12:10 .
    drwxr-xr-x 14 root sys 3072 Mar 9 13:52 ..
    lrwxrwxrwx 1 root root 51 Mar 1 12:10 c0 -> ../../devices/sbus@2,0/SUNW,socal@d,10000/sf@0,0:fc
    lrwxrwxrwx 1 root root 51 Mar 1 12:10 c1 -> ../../devices/sbus@2,0/SUNW,socal@d,10000/sf@1,0:fc
    lrwxrwxrwx 1 root root 46 Mar 1 12:10 c2 -> ../../devices/sbus@3,0/SUNW,fas@3,8800000:scsi
    lrwxrwxrwx 1 root root 47 Mar 1 12:10 c3 -> ../../devices/sbus@3,0/SUNW,socal@0,0/sf@0,0:fc
    lrwxrwxrwx 1 root root 47 Mar 1 12:10 c4 -> ../../devices/sbus@3,0/SUNW,socal@0,0/sf@1,0:fc
    c3 and c4 are the addresses of the HBA card

    I am currently running Solaris 8 and will be using a Hitachi SAN to put an Oracle 9 database on it. Currently the Brocade switch can see our Hitachi SAN, but we are stuck on how to connect E3500 through x6730A to the Brocade.
    SunOS morrison 5.8 Generic_117350-23 sun4u sparc SUNW,Ultra-Enterprise
    # luxadm probe
    No Network Array enclosures found in /dev/es
    Found Fibre Channel device(s):
    Node WWN:20000020378f9154 Device Type:Disk device
    Logical Path:/dev/rdsk/c0t0d0s2
    Node WWN:20000020379c5e10 Device Type:Disk device
    Logical Path:/dev/rdsk/c1t4d0s2
    Node WWN:20000020375cca44 Device Type:Disk device
    Logical Path:/dev/rdsk/c1t5d0s2
    Node WWN:20000020371ae3ef Device Type:Disk device
    Logical Path:/dev/rdsk/c0t1d0s2
    # format
    Searching for disks...done
    AVAILABLE DISK SELECTIONS:
    0. c0t0d0 <SUN18G cyl 7506 alt 2 hd 19 sec 248>
    /sbus@2,0/SUNW,socal@d,10000/sf@0,0/ssd@w21000020378f9154,0
    1. c0t1d0 <SUN36G cyl 24620 alt 2 hd 27 sec 107> /u04
    /sbus@2,0/SUNW,socal@d,10000/sf@0,0/ssd@w21000020371ae3ef,0
    2. c1t4d0 <SUN18G cyl 7506 alt 2 hd 19 sec 248> /u02
    /sbus@2,0/SUNW,socal@d,10000/sf@1,0/ssd@w21000020379c5e10,0
    3. c1t5d0 <SUN36G cyl 24620 alt 2 hd 27 sec 107> /u03
    /sbus@2,0/SUNW,socal@d,10000/sf@1,0/ssd@w21000020375cca44,0

  • Disabling LACP BPDU Forwarding on brocade switch

    Hi,
    I'm having an issue with ports belonging to a Solaris 11 aggregated link becoming saturated.  The LACP link saturation causes our brocade switch to flood all vlan ports with unwanted traffic.  According to the brocade documentation this is normal behavior.
    From: Deploying a LAG
    "When LACP forwarding is enabled, the link OAM packets received on the LACP forwarding enabled interface will be processed and flooded on the VLAN. If the LACP forwarding is not enabled, the link OAM packets will be processed and then dropped."
    Can LACP BPDU Forwarding on a brocade switch be safely disabled when used with a Solaris 11 host?
    If so, what is the expected behavior when a Solaris 11 host saturates a link in an LACP group?  Will it start utilizing the next available link?
    Any info will be greatly appreciated.
    Thanks,
    Rick

    I never enable bpdu guard on AP switchports. Primarily because our business relies heavily on APs and I don't want something accidentally connecting to it that could start sending bpdus in some way. That being said, is there another AP that's in bridge mode or is this AP in bridge that could be receiving a bpdu from the other switchport? That's the only thing off the top of my head that could cause this.
    Yes, I also avoid putting bpdu guard on trunks unless I know it's a port for a host and a phone.
    HTH,
    John

  • Connecting backup server to brocade switch help

    Hi all
    We are implementing a new backup server for our SAN, the server currently had one connection to our brocade switch, is it possible to put a second connection to the brocade switch from the server? and will it team them or become a failover connection, I believe the FC card in the server is Q Logic
    hope you can help
    thanks
    Carl

    There are no restrictions whatsoever to how many ports you use to connect from your server to the switch. I had a single server that used 16 ports to each switch.
    I was wrong with the first post as I got sidetracked talking about how FC does trunking. You can't trunk from the server to the switch. It does from switch to switch though. The server multipathing software manages the traffic to the storage array normally in a round robin approach.
    If you just have a backup server <-> switch <-> FC tape drive, the traffic is managed by the backup media agent. Backups are pretty simple as tape drives are just one thing. They are not like storage arrays.
    As far as broadcast goes, look up RSCN.
    FC networking is different to IP so get a book and read up about it.

  • Connecting many Brocade switches to Nexus 5548UP

    Hello,
    I have a SAN network composed of a few separate PODs. Each POD is divided into SAN-A and SAN-B. Most of those PODs are Brocade switches (FOS 6.1). There are also a few Nexus 5520s. Now, we have built new core infrastructure with Nexus 5548UPs and many MDS 9148s. We would like to move all servers and storage from the old Brocades to the new SAN. As we cannot move all devices at the same time, all segments must be connected to the core for some time. Each POD has different zoning. Some zonings on Brocade switches are based on PWWN, some on Domain ID and Port ID. In my opinion, the only way of successfully connecting all PODs together is to merge zones manually (in Excel, etc.) and paste them on all switches. However, maybe there is some other way of merging all zones? What if I leave the Nexus 5548UP in native mode (so zones from Brocade will not get merged), and only implement that manually merged zoneset on the Nexus 5548UP? Will the ISL links get isolated due to zoning merge failure? Or will they maintain operational state even if zones are different on each POD? I do not have any lab boxes, so I cannot test it. Any advice will be appreciated.
    Best regards,
    Krzyszof

    well since you can not cluster the 45K as a virtual switch ( Cisco with new sup will start support VSS in the 4500 try to check which sup exactly and if you can upgrade as this will make a significant improvement to your design )
    anyway the only method that you can use currently is the traditional way which is depending on STP ( use rapid-PVST)
    from each N5K use one separate link to each 45K and STP will put one of the links in blocking mode
    however you might do some STP and vlan design for load sharing where you can send vlan x over link1 and vlan y over link b to the 45K using STP cost
    HTH

  • AAA TACACS with Brocade Switches

    We are testing authentication on Brocade switches with our AAA TACACS+ server.  It seems that after authenticating to enable mode, you can type "exit" and be dropped back to level 7 mode.  From this point you can type "enable" and authenticate to the switch using the local "enable" password, not from TACACS.  Has anyone run across this and is there a way to correct it?  Is there something that needs to be configured in TACACS on the server to recognise the Brocade switch and make this work?
    Ray

    Hi Ray,
    What ACS version you are using?
    On a cisco switch the following command is used:
    switch(config)# aaa authentication enable default tacacs+ enable
    The above command is used to set the TACACS+ as the default check for the enable password. If TACACS+ is not available it will fall back to the local enable password.
    You need to look into such option in the Brocade switch.
    HTH
    Amjad
    Rating useful replies is more useful than saying "Thank you"

  • ISE compatibility with 4500R

    Hi,
    I'd like to deploy ISE on my network and I have two big 4500R switches : a 4510R and a 4507R.
    A Cisco vendor told me that these last are incompatible with ISE and that I need to buy two 4500E.
    When I see the price of those products I'm a bit suspicious, since I've read on that page:
    http://www.cisco.com/en/US/docs/security/ise/1.1.1/compatibility/ise_sdt.html#wp55038
    Device         Minimum OS Version  MAB  802.1X  Web Auth (CWA)  Web Auth (LWA)  Session CoA  VLAN  DACL  SGA  IOS Sensor
    Catalyst 4500  IOS v12.2(54)SG1    Yes  Yes     Yes             Yes             Yes          Yes   Yes   Yes  No
    The only thing is that the minimum RAM for the version 12.2(54)SG1 is not present because it's 64Mb and those models have 32Mb.
    If I buy RAM and update IOS, will ISE work properly on those devices ?
    Thank you for your further answers !

    Cisco catalyst 4500 should have Supervisor Engine 7-E and Supervisor Engine 7L-E or Supervisor Engine 6-E and Supervisor Engine 6L-E for ISE to support.
    Cisco Catalyst 4000 Series
    Cisco Catalyst 4500   Supervisor Engine 7-E and Supervisor Engine 7L-E
    • Critical Voice VLAN
    • MAC Move/Replace
    • dACL enhancement
    • SXP
    • CoA
    • Device sensor
    • MACsec
    Cisco IOS-XE   Software Release 3.3.0SG or 15.1(1)SG
    Cisco Catalyst 4500   Supervisor Engine 6-E and Supervisor Engine 6L-E
    • Critical Voice VLAN
    • MAC Move/Replace
    • dACL enhancement
    • SXP
    • Device sensor
    • CoA
    Cisco IOS-XE   Software Release 3.2.2SG or 15.0(2)SG2

  • Xserve raid brocade switch, do I need xsan for multiple xserve raid with one gbic hba?

    So I have 3 xserve raids.  I would like to mount all 6 volumes on a single server with a 2 port hba. I have a brocade silkworm 3200, however the raid volumes will not mount.  The only thing I can think of is do I need xsan to accomplish this?  Initially I gathered it would be like additional resources on a normal data switch but that does not seem to be the case.
    Thanks in advance for any assistance.

    No, you don't need XSAN for this. XSAN is for connecting one or more RAID units to more than one host. Since you only have one host, XSAN isn't an issue.
    You may need to look more closely at the switch configuration. Mac OS X doesn't support multipath (at least last time I checked), so you'll need to make sure that you're either using just one link from the server, or that you've setup zoning in the switch so that each link from the server sees a subset of the RAID volumes (e.g. three RAID volumes mapped to each link to the server).
    You may also need to check the RAID configurations to make sure you're not using LUN masking (a feature of earlier firmware versions).
    One test here would be to connect the server directly to each RAID controller in turn and see if you see the appropriate volumes. The chances are you do, which points back to the switch configuration being the issue.

  • Question related to SFP, Fiber, and switches model Compatibility for Gigs Connections

    Hi everyone,
    I am in the middle of a project where we are receiving a 2 gig Internet connection from a service provider. I need to connect this to a switch; my question is related to what SFP and switch would be the most compatible. I was thinking about a 3750 switch with SFP modules, but I am not sure if an SFP 1000 SX is enough, as we are receiving a 2 gig connection via fiber, then I would need to use a 10G module, with 10G SFPs... well, I am very confused... can anyone help me please, from your experience with a similar situation?
    Thanks.

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    A "2 gig" connection might mean a 10g logically limited to 2g, or it might mean the full duplex capacity of a gig link.
    The SFP+ ports on 10g 3750X modules will support either a gig or 10g transceiver.  The SFP ports, on either 10g or gig modules, will only support gig.

  • My wordpress page displays with elements covering one another only in Firefox. Chrome and IE are fine if IE is switched to compatibility mode

    I am working on a Wordpress page, theme developed by a custom developer (not me). When we view the page in Chrome and IE it is fine - although we had to modify compatibility settings in IE to get it to look right. In Firefox, we are having the same problem we had in IE before the fix - the boxes in the body of the page are laying under the sidebar items. The page was laid out as a table to allow elements to align properly.
    http://www.whoholdsthecardsnow.com/coaching-2/ is the page we are having problems with. The other pages load fine, so I am assuming that it is the table layout that is causing the problem.
    I don't see any way to attach documents so I can't show you what it is doing for me.
    Help please!

    Adding width:100%; to that image seems to work.
    max-width: 100%; doesn't seem to work in Firefox.
    <img class="alignleft size-large wp-image-503" width="1024" height="680" alt="coachingtop" src="http://www.whoholdsthecardsnow.com/wp-content/uploads/2014/07/coachingtop-1024x680.png" style="width: 100%;">
