Brocade Fiber Channel Switch - CLI Zoning

Man, I hate Java. Absolutely hate it. Especially when you’re trying to connect to an old, outdated, and non-updated device like a Brocade 300 FC switch.

Sure, I could dig up whatever outdated Java install the switch is calling for, install it, troubleshoot for an hour why Firefox still won’t load the GUI, start drinking heavily, give up on life, and become a hermit. But that seems a little extreme just because of a switch. So instead, I’ll zone my switch through the CLI, which I haven’t done in YEARS. So let’s get started!

In this case, I’m connecting three new ESXi hosts to an existing pair of FC switches, with a SAN and several hosts already set up. Start by connecting the hosts to your FC switch. In my case I have dual-port FC cards in the hosts and two FC switches, so I’m going to connect one port from each host to each switch. Make note of where you plug your hosts in, and where the SAN is connected. In my case it looks something like this:

Basic Host/SAN connectivity diagram

In this case, our FC switches are not stacked/connected to ensure separate pathing, so we’ll need to configure each switch separately.

Once the new hosts are connected to the FC switches, SSH into the first switch as an admin user and run cfgshow to display the current zoning configuration.


brcdsw01:admin> cfgshow
Defined configuration:
cfg: Production
ESXi01_Zone; ESXi02_Zone;ESXi03_Zone; ESXi04_Zone
zone: ESXi01_Zone
SAN_0A; SAN_1A; ESXi01
zone: ESXi02_Zone
SAN_0A; SAN_1A; ESXi02
zone: ESXi03_Zone
SAN_0A;SAN_1A; ESXi03
zone: ESXi04_Zone
SAN_0A; SAN_1A; ESXi04
alias: SAN_0A
50:00:00:00:00:00:00:30; 50:00:00:00:00:00:00:30
alias: SAN_1A
50:00:00:00:00:00:00:38; 50:00:00:00:00:00:00:38
alias: ESXi01 10:00:00:00:00:00:00:d5; 20:00:00:00:00:00:00:d5
alias: ESXi02 10:00:00:00:00:00:00:5d; 20:00:00:00:00:00:00:5d
alias: ESXi03 10:00:00:00:00:00:00:00; 20:00:00:00:00:00:00:93
alias: ESXi04 10:00:00:00:00:00:00:46; 20:00:00:00:00:00:00:46

Effective configuration:
cfg: Production
zone: ESXi01_Zone
50:00:00:00:00:00:00:30
50:00:00:00:00:00:00:38
10:00:00:00:00:00:00:d5
20:00:00:00:00:00:00:d5
zone: ESXi02_Zone
50:00:00:00:00:00:00:30
50:00:00:00:00:00:00:38
10:00:00:00:00:00:00:5d
20:00:00:00:00:00:00:5d
zone: ESXi03_Zone
50:00:00:00:00:00:00:30
50:00:00:00:00:00:00:38
10:00:00:00:00:00:00:93
20:00:00:00:00:00:00:93
zone: ESXi04_Zone
50:00:00:00:00:00:00:30
50:00:00:00:00:00:00:38
10:00:00:00:00:00:00:46
20:00:00:00:00:00:00:46


Without going into too much detail, the above output tells us the current switch config has a Configuration Group called “Production”. That Group has four Zones: ESXi01_Zone; ESXi02_Zone; ESXi03_Zone; ESXi04_Zone. Each one of those Zones contains three aliases: one entry for the host and two entries for the SAN (redundant SAN controllers, side A and side B). Each alias has the discovered WWPNs for the attached system. To configure the switches for our new hosts, we’ll be working backwards: creating an alias for each host, then putting those aliases into zones, then updating and enabling our Configuration Group.

Run the command switchshow to see the port state and WWPN discovered on each port.


brcdsw01:admin> switchshow
switchName: brcdsw01
switchType: 71.2
switchState: Online
switchMode: Native
switchRole: Principal
switchDomain: 20
switchId: fffc14
switchWwn: 10:00:00:05:33:2d:57:b4
zoning: ON (Production)
switchBeacon: OFF
HIF Mode: OFF

Index Port Address Media Speed State Proto
==================================================

0 0 140000 id N8 Online FC F-Port 50:00:00:00:00:00:00:30
1 1 140100 id N8 Online FC F-Port 50:00:00:00:00:00:00:38
2 2 140200 id N8 No_Light FC
3 3 140300 id N8 No_Light FC
4 4 140400 id N8 Online FC F-Port 21:00:00:00:00:00:00:4c
5 5 140500 id N8 Online FC F-Port 21:00:00:00:00:00:00:54
6 6 140600 id N8 Online FC F-Port 21:00:00:00:00:00:00:60

***Additional port config removed***


Ports 0 and 1 are the connections to the SAN, and ports 4, 5, & 6 connect to each of the new hosts.

Let’s create the new aliases for each of the three new hosts:


brcdsw01:admin> alicreate "LabHost01", "21:00:00:00:00:00:00:4c"
brcdsw01:admin> alicreate "LabHost02", "21:00:00:00:00:00:00:54"
brcdsw01:admin> alicreate "LabHost03", "21:00:00:00:00:00:00:60"

We can rerun the cfgshow command to verify our aliases have been created:

brcdsw01:admin> cfgshow
Defined configuration:
*****************************************
alias: LabHost01
21:00:00:00:00:00:00:4c
alias: LabHost02
21:00:00:00:00:00:00:54
alias: LabHost03
21:00:00:00:00:00:00:60


Now we’ll need to create three new zones containing one host alias, and the two SAN aliases, again using cfgshow to verify our new Zones:


brcdsw01:admin> zonecreate "LabHost01_Zone", "LabHost01; SAN_0A; SAN_1A"
brcdsw01:admin> zonecreate "LabHost02_Zone", "LabHost02; SAN_0A; SAN_1A"
brcdsw01:admin> zonecreate "LabHost03_Zone", "LabHost03; SAN_0A; SAN_1A"

brcdsw01:admin> cfgshow
Defined configuration:
*****************************************
zone: LabHost01_Zone
LabHost01; SAN_0A; SAN_1A
zone: LabHost02_Zone
LabHost02; SAN_0A; SAN_1A
zone: LabHost03_Zone
LabHost03; SAN_0A; SAN_1A

***********************************************
alias: LabHost01
21:00:00:00:00:00:00:4c
alias: LabHost02
21:00:00:00:00:00:00:54
alias: LabHost03
21:00:00:00:00:00:00:60


Now we need to add the new zones to the existing Configuration Group:

If you’re setting the zoning up from scratch, use the command cfgcreate.


brcdsw01:admin> cfgadd "Production", "LabHost01_Zone"
brcdsw01:admin> cfgadd "Production", "LabHost02_Zone"
brcdsw01:admin> cfgadd "Production", "LabHost03_Zone"


brcdsw01:admin> cfgshow
Defined configuration:
cfg: Production
ESXi01_Zone; ESXi02_Zone; ESXi03_Zone; ESXi04_Zone; LabHost01_Zone; LabHost02_Zone; LabHost03_Zone


If you don’t already have a Configuration Group, use the command:

cfgcreate "CONFIG_NAME", "ZONE_NAME"

Now that we have updated our configuration, we finally need to save and commit the changes for them to become active. Use the commands cfgsave and cfgenable to save and commit the changes we have just made:


brcdsw01:admin> cfgsave
WARNING!!!
The changes you are attempting to save will render the
Effective configuration and the Defined configuration
inconsistent. The inconsistency will result in different
Effective Zoning configurations for switches in the fabric if
a zone merge or HA failover happens. To avoid inconsistency
it is recommended to commit the configurations using the
'cfgenable' command.

Do you want to proceed with saving the Defined
zoning configuration only? (yes, y, no, n): [no] yes
Updating flash ...
brcdsw01:admin> cfgenable "Production"
You are about to enable a new zoning configuration.
This action will replace the old zoning configuration with the
current configuration selected. If the update includes changes
to one or more traffic isolation zones, the update may result in
localized disruption to traffic on ports associated with
the traffic isolation zone changes
Do you want to enable 'Production' configuration (yes, y, no, n): [no] yes
zone config "Production" is in effect
Updating flash ...


If we take a look at cfgshow one last time, we’ll see the Effective Configuration now has our new zones:


brcdsw01:admin> cfgshow
****************************
Effective configuration:
cfg: Production
**************************
zone: LabHost01_Zone
21:00:00:00:00:00:00:4c
50:00:00:00:00:00:00:30
50:00:00:00:00:00:00:38
zone: LabHost02_Zone
21:00:00:00:00:00:00:54
50:00:00:00:00:00:00:30
50:00:00:00:00:00:00:38
zone: LabHost03_Zone
21:00:00:00:00:00:00:60
50:00:00:00:00:00:00:30
50:00:00:00:00:00:00:38


Now rinse and repeat for your second FC switch if necessary.

Once both switches are zoned, you can now configure your SAN to allow LUN access to your new hosts.
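An added example, not part of the original post: a Python check that parses saved cfgshow and switchshow text and flags zones that do not hold exactly one host alias, and zone members whose WWPNs are not logged in on any F-Port (a mistyped alicreate, for instance). The sample output is constructed, and the names parse_defined and audit are assumptions of this example.

```python
import re
PORT = re.compile(r"F-Port\s+((?:[0-9a-f]{2}:){7}[0-9a-f]{2})", re.I)
# Constructed sample; the LabHost03 alias has a deliberate typo (:06 for :60).
CFGSHOW = """Defined configuration:
 cfg: Production
   LabHost01_Zone; LabHost03_Zone
 zone: LabHost01_Zone
   LabHost01; SAN_0A; SAN_1A
 zone: LabHost03_Zone
   LabHost03; SAN_0A; SAN_1A
 alias: SAN_0A 50:00:00:00:00:00:00:30
 alias: SAN_1A 50:00:00:00:00:00:00:38
 alias: LabHost01 21:00:00:00:00:00:00:4c
 alias: LabHost03
   21:00:00:00:00:00:00:06
Effective configuration:
"""
SWITCHSHOW = """0 0 140000 id N8 Online FC F-Port 50:00:00:00:00:00:00:30
1 1 140100 id N8 Online FC F-Port 50:00:00:00:00:00:00:38
4 4 140400 id N8 Online FC F-Port 21:00:00:00:00:00:00:4c
6 6 140600 id N8 Online FC F-Port 21:00:00:00:00:00:00:60
"""

def parse_defined(text):
    """Map cfg/zone/alias names to member lists (Defined section only)."""
    objs, current = {"cfg": {}, "zone": {}, "alias": {}}, None
    for line in text.splitlines():
        if line.lstrip().startswith("Effective configuration"):
            break
        m = re.match(r"\s*(cfg|zone|alias):\s*(\S+)(.*)", line)
        if m:  # header line; members may follow on the same line
            current, line = objs[m[1]].setdefault(m[2], []), m[3]
        if current is not None:
            current += [x.strip() for x in line.split(";") if x.strip()]
    return objs

def audit(cfgshow, switchshow, cfg, targets):
    """Yield zones without exactly one host, and members not seen on a port."""
    d = parse_defined(cfgshow)
    seen = {w.lower() for w in PORT.findall(switchshow)}
    for zone in d["cfg"].get(cfg, []):
        members = d["zone"].get(zone, [])
        hosts = [m for m in members if m not in targets]
        if len(hosts) != 1:
            yield f"{zone}: expected 1 host member, found {len(hosts)}"
        for m in members:
            wwpns = d["alias"].get(m, [m])  # a member may also be a raw WWPN
            if not any(w.lower() in seen for w in wwpns):
                yield f"{zone}: {m} has no WWPN logged in on this switch"
```

Call it as list(audit(CFGSHOW, SWITCHSHOW, "Production", {"SAN_0A", "SAN_1A"})) before running cfgenable. A host that is powered off also reports as not logged in, so treat that finding as a prompt to compare the alias against switchshow.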

Mobile AP solution - Ruckus M510 AP

I have a prospective customer who, during the course of our conversation, explained that one of their issues was for mobile service workers to have wireless connectivity back into their network. Using a Ruckus SmartZone SZ-100 AP controller and GRE tunneling from the APs, this can be accomplished with relative ease. Or so the Ruckus marketing materials and my local Ruckus SE led me to believe. It ended up being easy, but the documentation and knowledge was lacking so it took quite a bit of trial and error on my part to get it figured out.

The M510 AP from Ruckus is an indoor AP designed for LTE backhaul, which makes it perfect for deployment in vehicles, pop-up locations, and temporary office locations such as construction sites or first-responder field operations.

Ruckus M510 Data Sheet

My SmartZone is running as a VM without a Data Plane, so I can’t run GRE tunneling back to my controller. This works for my demo purpose, but doesn’t give my clients an experience as if they were inside the network. For a production environment I’d suggest either a vSZ/vSZ-D deployment, or a SZ-100 physical appliance and use tunneling from the AP to the controller.

The first thing you’ll need to do is contact AT&T and get a SIM card with a data plan. Make sure you get a Micro-SIM card. The M510 can take up to two SIM cards, but currently only works with AT&T. I believe that another carrier (Sprint?) is being tested and should be available sometime this year but it’s only AT&T for now, sorry. Also, you’ll need an M510 AP and an AP license for your SmartZone.

AT&T Compatible Data Plan

Before you get into the SmartZone configuration change, plan out how your mobile wireless will be utilized and deployed. If you are going to broadcast your internal SSIDs through your mobile APs, then you can get away with just your Default AP and Wireless Zone and just worry about creating the appropriate AP Groups. Because I’m going to be broadcasting an SSID only for testing and demo purposes, I’ll create separate AP and Wireless Zones/Groups for my M510 AP.

Setup SmartZone for External Access

First things first, for this to work you’re going to need to get your SmartZone an external IP address and set up some firewall rules. The ports you’ll need to forward are:


TCP ports:
Port 21 = FTP Com port
Port range 16384-65000 (configurable in vSCG) = FTP Passive port range
Port 443 = https port for AP to vSCG Registration
Port 22 = SSH Tunnel from AP to SCG
Port 91 = AP and vSCG firmware update and other uses port
Optional TCP Ports:
Port 8443 = Used for vSCG WebUI access from remote (if needed, this may not be necessary if you are using a 3 interface configuration and using VPN to connect to management interface)
Port 7443 = Port used by SWIPE (not required if you are not using SWIPE to provision APs onsite)

UDP Ports:
Port 12223 = LWAP communication port for APs not running vSCG firmware to communicate with vSCG and get upgraded (using passive FTP ports mentioned above)


You also need to set the external NAT address of your SmartZone so that the APs keep the correct IP address for their SCG connections. Go to System/Cluster and edit your Control Plane Network Settings. Set the Control NAT IP Address to your external IP address and click save.
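An added example, not from the original post or from Ruckus: a Python check that compares the port forwards exported from your firewall with the list above and reports required ports that are missing, optional ports that are exposed, and forwards the list does not call for. The FORWARDS data is constructed, and the names covered and audit_forwards are assumptions of this example.

```python
# Port list as given on the page: (proto, first, last, purpose, optional)
PAGE_PORTS = [
    ("tcp", 21, 21, "FTP command", False),
    ("tcp", 16384, 65000, "FTP passive range", False),
    ("tcp", 443, 443, "AP registration (HTTPS)", False),
    ("tcp", 22, 22, "SSH tunnel from AP", False),
    ("tcp", 91, 91, "firmware update", False),
    ("tcp", 8443, 8443, "WebUI remote access", True),
    ("tcp", 7443, 7443, "SWIPE provisioning", True),
    ("udp", 12223, 12223, "LWAP", False),
]
# Constructed firewall export: (proto, first, last) per forward to the controller.
FORWARDS = [("tcp", 21, 21), ("tcp", 22, 22), ("tcp", 443, 443),
            ("tcp", 8443, 8443), ("tcp", 16384, 65000),
            ("tcp", 3389, 3389), ("udp", 12223, 12223)]

def covered(proto, lo, hi, rules):
    """True when every port lo..hi lies inside the union of same-proto rules."""
    need = lo
    for _, a, b in sorted(r for r in rules if r[0] == proto):
        if a > need:  # gap before the next rule starts
            break
        need = max(need, b + 1)
    return need > hi

def audit_forwards(forwards):
    """Compare forwards with the page's list; returns three lists of strings."""
    page = [(p, a, b) for p, a, b, _, _ in PAGE_PORTS]
    return {
        # required by the page but not (fully) forwarded
        "missing": [f"{p}/{a}-{b} {why}" for p, a, b, why, opt in PAGE_PORTS
                    if not opt and not covered(p, a, b, forwards)],
        # optional on the page and currently forwarded: confirm it is needed
        "optional_exposed": [f"{p}/{a} {why}" for p, a, b, why, opt in PAGE_PORTS
                             if opt and covered(p, a, b, forwards)],
        # forwarded but not on the page's list at all
        "unexpected": [f"{p}/{a}-{b}" for p, a, b in forwards
                       if not covered(p, a, b, page)],
    }
```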

Setup AP Zones and Groups

Let’s start by setting up an AP group that the M510 AP(s) will live in. Since we’ll want to have different settings for our mobile APs, it’s easiest to create a new AP group to manage these settings instead of making changes to each individual AP. Because this is a demo environment, I’m also going to create an AP Zone. I want to have an obvious delineation between my production and demo environments, so I’m only setting up one AP Zone and a single AP Group. If this was a production environment, I’d have multiple AP groups depending on how my mobile APs were being deployed (AP per site, or AP per function). I like to keep my Zones and groups in a parent-child config, so all of my general mobile AP settings will be set in my AP Zone. Any site or function specific settings will be configured in the AP Group.

I have created an AP Zone called MobileZone, and I’ll set my AP model specific settings in this zone.


Since you’ll be using AT&T for your LTE backhaul, contact them to make sure the APN is correct, but for me it’s “broadband”. I set my M510 Configuration settings to mostly default, except for the primary and secondary APN, and the LAN 2 port is set to “Default Trunk Port (LAN)” instead of WAN. This will let me plug a switch into the port and connect additional devices via ethernet. I also set my WAN connection to “Cellular (Primary) with Ethernet failover”. Make any other AP settings you want here, such as channel selection, AP reboot timeout, or radio channels and transmit power.

If you’re deploying multiple APs and need different AP Groups, configure those now and make any AP Group setting changes you want. Again, since this is a demo setup, I’m using a single default AP group with default AP settings.

If you have added your M510 to your SmartZone, you can now move it into the correct Zone and group.

Setup Wireless Zones and Groups

When you create a Zone and a Group either in the AP configuration or the Wireless LAN configuration, they get created in both locations. So since we created an AP Zone and Group earlier, we’ll see them in our Wireless LAN configuration as well. So now we can create our new wireless network for our mobile APs.

Create your new wireless network and configure it as needed. Don’t forget to go back to your Wireless LAN Group configuration and add your new WLAN.

Also make sure that in your AP Group you have the correct WLAN group selected for broadcast.

At this point your M510 AP should be broadcasting your SSID and connecting to your AT&T LTE. The M510 AP will attempt to connect to the network through the assigned WAN interface if a cable is plugged in, so if you’re planning on using PoE to power the AP, make sure to set the PoE interface as your LAN connection (instead of the default WAN). I suggest powering it through an AC adaptor or the built-in DC 9-16V power block.

GPS Location and Map Display

In order to get SmartZone to show your M510 location you will need to get a Google Maps API key. From the Dashboard, click on the Map settings icon.

This opens the Map Settings window. Click on the Google Map API Key and enter your API key. If you don’t have an API key, click on the link shown in the window and get an API key.

It took a while the first time, but eventually my M510 AP started showing up on the map.

DHCP

Probably the easiest way to deploy DHCP out to your mobile sites is to put a DHCP server on your M510 APs. The SmartZone allows you to run a DHCP server on each AP, run DHCP across multiple APs, or run DHCP on a hierarchical AP setup.

DHCP enabled on each AP.

DHCP enabled on multiple APs.

DHCP enabled on hierarchical APs.

Regardless of how you plan on implementing DHCP on the APs, the setup is the same. In your SmartZone, go to Services & Profiles / DHCP & NAT. The first thing we need to do is create our DHCP Pool(s). Click the DHCP Pool tab, and then create a new DHCP pool in the correct Zone (MobileZone in my case).

Once the DHCP Pool is created, go to the DHCP Settings tab. This is where we’ll define the type of DHCP hierarchy we’ll be running. Click on your Zone and then click the Enable DHCP Services on AP button.

Click the Edit DHCP Services on AP button and follow the prompts to pick your type of DHCP hierarchy, the Pool associated with your server, and the APs you want to run DHCP services on.

You should now have a fully configured and running Ruckus M510 AP!