How to configure a Brocade Silkworm series switch

Author: NetworkAdminKB.com
Created: 2007-05-04
Modified: 2008-11-19

Information:
This configuration assumes a new switch is being installed and you have not configured Brocade switches before.  This was written for v5.x firmware on the Brocade switch.

 

Initial IP Configuration via Serial Cable

1)      Do Not Power on the Switch

2)      Read the Quick Start Guide

3)      Connect a Serial Cable to Switch and Computer

4)      Start a Terminal Session to the switch

a.       Bits/second: 9600

b.      Databits: 8

c.       Parity: None

d.      Stop Bits: 1

e.       Flow Control: None

5)      Power on the Swtich

6)      When the Terminal Session stops reporting information, press Enter to display the login prompt

7)      Default Login

a.       User: admin

b.      Pass: password

8)      First time login, press Enter to change default passwords

a.       User: root

                                                               i.      Type password

b.      User: factory

                                                               i.      Type password

c.       User: admin

                                                               i.      Type password

d.      User: user

                                                               i.      Type password

9)      Set IP Address

a.       Type: ipaddrset

                                                               i.      Ethernet IP Address: 10.0.0.0 (choose appropriate address)

                                                             ii.      Ethernet Subnet: 255.255.0.0 (choose appropriate subnet)

                                                            iii.      Fibre Channel IP Address: None

                                                           iv.      Fibre Channel Subnet: None

                                                             v.      Gateway IP Address: 10.0.0.0 (choose appropriate gateway)

10)  Show IP Address

a.       Type: ipaddrshow

11)  Show Ethernet Duplex

a.       Type: ifmodeshow eth0

b.      If not auto-negotiated to Full Duplex hardest Full Duplex

12)  Set Ethernet Duplex if needed

a.       Type: ifmodeset eth0

                                                               i.      Auto-negotiate: n

                                                             ii.      Force 100 Mbps / Full Duplex: y

13)  Reboot Switch

a.       Type: reboot

14)  Once the switch is rebooted, verify active IP by pinging from a workstation.

a.       If this fails troubleshoot the IP and Duplex settings until the problem is resolved

 

 

Configuration via a Telnet Session

1)      Start a Telnet session to the switch IP Address

a.       Login as Admin

2)      Configure Domain ID

a.       Type: switchdisable

b.      Type: configure

                                                               i.      Fabric parameters (yes, y, no, n): y

                                                             ii.      Domain: (1..239) [1]:  type appropriate Domain ID

                                                            iii.      Press Ctrl-D to accept remaining settings

c.       Type: switchenable

3)      Configure Network Time Server

a.       Type: tsclockserver ipaddress

4)      Configure Time Zone

a.       Type: tstimezone [houroffset [, minuteoffset]]

                                                               i.      For Pacific Standard Time enter: tsTimeZone -8,0

                                                             ii.      For Central Standard Time enter: tsTimeZone -6,0

                                                            iii.      For Eastern Standard Time enter: tsTimeZone -5,0

5)      Verify Switch Role (Principal Switch)

a.       Type: switchshow

b.      Find SwitchRole

6)      Reboot Switch

a.       Type Reboot

 

Configuration via the WebTools

1)      Open Web Browser

a.       Http://switch_ip_address

2)      Click the Admin button

a.       User: admin

b.      Pass: Type appropriate password

3)      Configure Switch Name and DNS

a.       Click Switch Tab

b.      Name: switch name

c.       DNS Server 1: appropriate DNS Server

d.      DNS Server 2: appropriate DNS Server

e.       Domain Name: win-na.com

f.        Click Apply

g.       Click Yes

4)      Configure SNMP as needed

a.       Note: Brocade hard codes the Read Write / Read Only fields, fill in the table from the top down in the first available Read Write / Read Only fields.  Leave all other existing entries alone.

b.      Access Control List

                                                               i.      SNMP server ip address          Read Write

c.       Click Apply

d.      Click Yes

5)      Configure License

a.       Gather paper license and code for the additional Ports on Demand activation.

b.      Follow instructions on paper sheet to generate the license key

c.       Click Add

                                                               i.      Cut and paste license key

                                                             ii.      Click Add License

                                                            iii.      Repeat as needed.

d.      Click Refresh to view new license

e.       **The ports can now be enabled individually, or reboot the switch to enable all ports.

6)      Configure Radius (AAA Service)

a.       See “Brocade Fabric OS vX.X.X Procedures Guide” for more information.

* Create these groups only once.

b.      Using Active Directory Users and Computers create 1-2 groups

                                                               i.      One group for “Brocade Admins” (Required)

                                                             ii.      One group for “Brocade Users” (Optional)

                                                            iii.      Both groups must be Global or Universal Groups

                                                           iv.      Place users as needed into appropriate group.

 

*** The Radius server should be configured to accept connections prior to the switch configuration.  Please verify “Windows 2003 IAS Configuration” section is completed

c.       Switch Configuration

                                                               i.      Click Add Button

1.      Radius Server: IP Address of IAS/Radius server.

2.      Port: 1812

3.      Secret String: <type shared secret password>

4.      Authentication: PAP

                                                             ii.      AAA Services

1.      Primary: Radius

2.      Secondary: Switch Database

                                                            iii.      Click Apply

                                                           iv.      Click Yes

d.      Close Web Browser and reconnect

e.       Click the Admin button

                                                               i.      Connect using Domain Userid and password

                                                             ii.      If unable to connect via Radius troubleshoot by looking at the Radius Logs, and using iasparse from the Windows 2003 resource kit.

1.      Typically issues are

a.       User is not allowed Remote Access.

                                                                                                                                       i.      Configure the user as “Allow access” or “Control access through Remote Access Policy”

b.      User is not a member of the appropriate Brocade Group

                                                                                                                                       i.      Add user to the appropriate Brocade group.

                                                          iii.      If you need to disable Radius

1.      Disconnect LAN Connection

2.      Login using a serial connection with the local switch Admin and password

3.      Type: aaaconfig --radius off

4.      Reconnect LAN Connection


 

Windows 2003 IAS Configuration

1)      Start “Internet Authentication Service” management console

*Repeat client configuration for each individual switch.

a.       Right Click “RADIUS Client”

b.      Select “New RADIUS Client:

                                                               i.      Friendly Name: Brocade_switchname

                                                             ii.      Client IP or DNS: enter dns name

                                                            iii.      Click Next

                                                           iv.      Client-Vendor: Radius Standard

                                                             v.      Shared secret: <type shared secret password>

                                                           vi.      Confirm shared secret: <type shared secret password>

                                                          vii.      Click Finish

c.       Right Click “Remote Access Policies”

*If done correctly the following only needs to be done once per policy (Admin or User Policy).  The policy will then apply to all Brocade Switches

d.      Select “New Remote Access Policy”

                                                               i.      Welcome Screen

1.      Click Next

                                                             ii.      Policy Configuration Method

1.      Select “Set up a custom policy”

2.      Policy Name: Brocade Admin (or Brocade User)

3.      Click Next

                                                            iii.      Policy Conditions

1.      Add Client-Friendly-Name Condition

a.       Click Add

b.      Select “Client-Friendly-Name”

c.       Click Add

d.      Type: Brocade_*

e.       Click Ok

2.      Add Windows-Groups condition

3.      Click Add

4.      Select “Windows-Groups”

5.      Click Add to select “Windows-Groups”

6.      Click Add to add a group as a condition

7.      Type: Domain\Group_name (Brocade Admin or User group)

8.      Click Ok

9.      Click Ok

10.  Click Next

e.       Permissions

                                                               i.      Select “Grant remote access permission”

                                                             ii.      Click Next

f.        Profile

                                                               i.      Click Edit Profile

1.      Click Authentication Tab

a.       Uncheck all existing options

b.      Check “Unencrypted authentication (PAP, SPAP)

2.      Click Advance Tab

a.       Click Add

b.      Select “Vendor-Specific”

c.       Click Add

d.      Click Add

e.       Enter Vendor Code: 1588

f.        Select “Yes, it conforms”

g.       Click “Configure Attribute”

                                                                                                                                       i.      Vendor-Assigned Attribute Number: 1

                                                                                                                                     ii.      Attribute Format: string

                                                                                                                                    iii.      Attribute Value: admin (or user)

                                                                                                                                   iv.      Click Ok

h.       Click Ok

i.         Click Ok

j.        Click Close

3.      Click Apply then Ok

                                                             ii.      Click Next

g.       Completing Wizard

                                                               i.      Click Finish

h.       Adjust remote access policy as need

i.         Create a new Remote Access Policy for the Brocade User if needed.

Article ID: 35, Created On: 9/16/2011, Modified: 9/16/2011