How to configure a Brocade Silkworm series switch

This configuration assumes a new switch is being installed and you have not configured Brocade switches before. This was written for v5.x firmware on the Brocade switch. Initial IP Configuration via Serial Cable 1) Do Not Power on the Switch 2) Read the Quick Start Guide 3) Connect a Serial Cable to Switch and Computer 4) Start a Terminal Session to the switch a. Bits/second: 9600 b. Databits: 8 c. Parity: None d. Stop Bits: 1 e. Flow Control: None 5) Power on the Swtich 6) When the Terminal Session stops reporting information, press Enter to display the login prompt 7) Default Login a. User: admin b. Pass: password 8) First time login, press Enter to change default passwords a. User: root i. Type password b. User: factory i. Type password c. User: admin i. Type password d. User: user i. Type password 9) Set IP Address a. Type: ipaddrset i. Ethernet IP Address: 10.0.0.0 (choose appropriate address) ii. Ethernet Subnet: 255.255.0.0 (choose appropriate subnet) iii. Fibre Channel IP Address: None iv. Fibre Channel Subnet: None v. Gateway IP Address: 10.0.0.0 (choose appropriate gateway) 10) Show IP Address a. Type: ipaddrshow 11) Show Ethernet Duplex a. Type: ifmodeshow eth0 b. If not auto-negotiated to Full Duplex hardest Full Duplex 12) Set Ethernet Duplex if needed a. Type: ifmodeset eth0 i. Auto-negotiate: n ii. Force 100 Mbps / Full Duplex: y 13) Reboot Switch a. Type: reboot 14) Once the switch is rebooted, verify active IP by pinging from a workstation.

a.

If this fails troubleshoot the IP and Duplex settings until the problem is resolved

Configuration via a Telnet Session 1) Start a Telnet session to the switch IP Address a. Login as Admin 2) Configure Domain ID a. Type: switchdisable b. Type: configure i. Fabric parameters (yes, y, no, n): y ii. Domain: (1..239) [1]: type appropriate Domain ID iii. Press Ctrl-D to accept remaining settings c. Type: switchenable 3) Configure Network Time Server a. Type: tsclockserver ipaddress 4) Configure Time Zone a. Type: tstimezone [houroffset [, minuteoffset]] i. For Pacific Standard Time enter: tsTimeZone -8,0 ii. For Central Standard Time enter: tsTimeZone -6,0 iii. For Eastern Standard Time enter: tsTimeZone -5,0 5) Verify Switch Role (Principal Switch) a. Type: switchshow b. Find SwitchRole 6) Reboot Switch a. Type Reboot Configuration via the WebTools 1) Open Web Browser a. Http://switch_ip_address 2) Click the Admin button a. User: admin b. Pass: Type appropriate password 3) Configure Switch Name and DNS a. Click Switch Tab b. Name: switch name c. DNS Server 1: appropriate DNS Server d. DNS Server 2: appropriate DNS Server e. Domain Name: win-na.com f. Click Apply g. Click Yes 4) Configure SNMP as needed a. Note: Brocade hard codes the Read Write / Read Only fields, fill in the table from the top down in the first available Read Write / Read Only fields. Leave all other existing entries alone. b. Access Control List i. SNMP server ip address Read Write c. Click Apply d. Click Yes 5) Configure License

a. Gather paper license and code for the additional Ports on Demand activation. b. Follow instructions on paper sheet to generate the license key c. Click Add i. Cut and paste license key ii. Click Add License iii. Repeat as needed. d. Click Refresh to view new license e. **The ports can now be enabled individually, or reboot the switch to enable all ports. 6) Configure Radius (AAA Service) a. See Brocade Fabric OS vX.X.X Procedures Guide for more information. * Create these groups only once. b. Using Active Directory Users and Computers create 1-2 groups i. One group for Brocade Admins (Required) ii. One group for Brocade Users (Optional) iii. Both groups must be Global or Universal Groups iv. Place users as needed into appropriate group. *** The Radius server should be configured to accept connections prior to the switch configuration. Please verify Windows 2003 IAS Configuration section is completed c. Switch Configuration i. Click Add Button 1. Radius Server: IP Address of IAS/Radius server. 2. Port: 1812 3. Secret String: <type shared secret password> 4. Authentication: PAP ii. AAA Services 1. Primary: Radius 2. Secondary: Switch Database iii. Click Apply iv. Click Yes d. Close Web Browser and reconnect e. Click the Admin button i. Connect using Domain Userid and password ii. If unable to connect via Radius troubleshoot by looking at the Radius Logs, and using iasparse from the Windows 2003 resource kit. 1. Typically issues are a. User is not allowed Remote Access. i. Configure the user as Allow access or Control access through Remote Access Policy

b. User is not a member of the appropriate Brocade Group

i. Add user to the appropriate Brocade group. iii. If you need to disable Radius 1. Disconnect LAN Connection 2. Login using a serial connection with the local switch Admin and password 3. Type: aaaconfig --radius off 4. Reconnect LAN Connection

Windows 2003 IAS Configuration 1) Start Internet Authentication Service management console *Repeat client configuration for each individual switch. a. Right Click RADIUS Client b. Select New RADIUS Client: i. Friendly Name: Brocade_switchname ii. Client IP or DNS: enter dns name iii. Click Next iv. Client-Vendor: Radius Standard v. Shared secret: <type shared secret password> vi. Confirm shared secret: <type shared secret password> vii. Click Finish c. Right Click Remote Access Policies *If done correctly the following only needs to be done once per policy (Admin or User Policy). The policy will then apply to all Brocade Switches d. Select New Remote Access Policy i. Welcome Screen 1. Click Next ii. Policy Configuration Method 1. Select Set up a custom policy 2. Policy Name: Brocade Admin (or Brocade User) 3. Click Next iii. Policy Conditions 1. Add Client-Friendly-Name Condition a. Click Add b. Select Client-Friendly-Name c. Click Add d. Type: Brocade_* e. Click Ok 2. Add Windows-Groups condition 3. Click Add 4. Select Windows-Groups 5. Click Add to select Windows-Groups 6. Click Add to add a group as a condition 7. Type: Domain\Group_name (Brocade Admin or User group) 8. Click Ok 9. Click Ok 10. Click Next e. Permissions i. Select Grant remote access permission ii. Click Next f. Profile i. Click Edit Profile 1. Click Authentication Tab a. Uncheck all existing options b. Check Unencrypted authentication (PAP, SPAP) 2. Click Advance Tab a. Click Add b. Select Vendor-Specific

g. h. i.

c. Click Add d. Click Add e. Enter Vendor Code: 1588 f. Select Yes, it conforms g. Click Configure Attribute i. Vendor-Assigned Attribute Number: 1 ii. Attribute Format: string iii. Attribute Value: admin (or user) iv. Click Ok h. Click Ok i. Click Ok j. Click Close 3. Click Apply then Ok ii. Click Next Completing Wizard i. Click Finish Adjust remote access policy as need Create a new Remote Access Policy for the Brocade User if needed.