Dell Brocade 300 Podręcznik Użytkownika Strona 168
- Strona / 666
- Spis treści
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
168 Fabric OS Administrator’s Guide
53-1002745-02
Remote authentication
5
Assigning a user to a group
Before you can assign a user to a group, the memberOf overlay must be added to the slapd.conf
file. Refer to “Enabling group membership” on page 166 for details.
To create a group and assign a member:
1. In a .ldif file, create a “groupOfNames” objectClass entry with the name of the group, for
example, “admin,” to create a group.
2. Set a “member” attribute for the group instance to identify the member, as in this example:
“cn=Sachin,cn=Users,dc=mybrocade,dc=com”
Automatically the “memberOf” attribute of entry Sachin will have value
“cn=admin,ou=groups,dc=mybrocade,dc=com”, which assigns Sachin to the admin group.
3. Enter the ldapadd command.
For example, the .ldif file might contain something like the following:
#Groups in organization
dn: ou=groups,dc=mybrocade,dc=com
objectclass:organizationalunit
ou: groups
description: generic groups branch
dn: cn=admin,ou=groups,dc=mybrocade,dc=com
objectclass: groupofnames
cn: admin
description: Members having admin permission
#Add members for admin group
member: cn=sachin,cn=Users,dc=mybrocade,dc=com
Assigning the LDAP role to a switch role
Use the ldapCfg -–maprole ldap_role_name switch_role command to map LDAP server
permissions to one of the default roles available on a switch.
Modifying an entry
To modify a directory entry, perform the following steps:
1. Create a .ldif file containing the information to be modified.
2. Enter the ldapmodify -f filename command, where filename is the .ldif file you edited in step 1.
Example to delete a user attribute
1. Create or edit a .ldif file with an entry similar to the following.
#########Deleting an attr
#dn: cn=Sachin,cn=Users,dc=mybrocade,dc=com
#changetype: modify
#delete: memberof
2. Enter the following ldapmodify command, where test.ldif is the name of the file you edited in
step 1.
> ldapmodify -D cn=Sachin,dc=mybrocade,dc=com –x -w secret -f test.ldif
- Fabric OS 1
- Document History 2
- Contents (High Level) 3
- Contents 5
- Chapter 4 Routing Traffic 8
- 53-1002745-02 10
- Chapter 15 NPIV 16
- Section II Licensed Features 18
- Appendix A Port Indexing 23
- Appendix B FIPS Support 23
- About This Document 33
- What’s new in this document 35
- Document conventions 36
- Notice to the reader 37
- Additional information 38
- Getting technical help 38
- FT00X0054E9 39
- Document feedback 40
- Standard Features 41
- Management server 44
- Platform services 44
- Management server database 45
- Adding a member to the ACL 46
- Topology discovery 49
- Disabling topology discovery 50
- Device login 51
- Fabric login process 52
- Port login process 52
- Device recovery 53
- Daemon Description 54
- Fabric OS overview 55
- Telnet or SSH sessions 57
- Getting help on a command 58
- • Timestamp 59
- • Username 59
- • Options 59
- • Arguments 59
- Password modification 61
- Brocade Backbones 62
- Brocade switches 62
- Static Ethernet addresses 64
- DHCP activation 66
- Disabling DHCP for IPv4 67
- IPv6 autoconfiguration 68
- Date and time settings 69
- Setting the time zone 70
- Network time protocol 71
- Domain IDs 72
- Displaying the domain IDs 73
- Switch names 74
- Chassis names 75
- Fabric name 75
- Switch and Backbone shutdown 76
- Powering off a Brocade switch 77
- Basic connections 78
- Core PID addressing mode 80
- 256-area addressing mode 81
- WWN-based PID assignment 82
- Assigning a static PID 83
- Clearing PID binding 83
- Showing PID assignments 83
- Port Types 84
- Backbone port blades 84
- Setting port names 86
- Port identification by index 87
- Swapping port area IDs 88
- Enabling a port 89
- Port decommissioning 90
- Setting port modes 90
- Setting port speeds 92
- Supported on: 93
- Blade Blade ID 93
- (slotshow) 93
- CP blades 95
- Core blades 95
- Enabling and disabling blades 96
- Blade swapping 97
- How blades are swapped 98
- Swapping blades 100
- Power management 101
- Equipment status 102
- Verifying fabric connectivity 103
- Verifying device connectivity 104
- Example output from a switch 106
- Audit log configuration 107
- Audit filter is configured 108
- Audit filter is enabled 108
- Routing Traffic 111
- Paths and route selection 112
- Fibre Channel NAT 113
- Inter-switch links 114
- Buffer credits 115
- Virtual channels 115
- Gateway links 117
- Routing policies 118
- Port-based 119
- Exchange-based routing 119
- Device-based routing 120
- AP route policies 120
- Setting the routing policy 121
- Route selection 122
- Frame order delivery 123
- ATTENTION 125
- Lossless core 126
- ICL limitations 127
- Traffic flow limitations 127
- Limitations 128
- Viewing current FEC settings 129
- Frame Redirection 130
- Viewing frame redirect zones 131
- Managing User Accounts 133
- Role-Based Access Control 134
- Admin Domain considerations 135
- Role permissions 135
- The management channel 136
- Managing user-defined roles 136
- Local database user accounts 137
- Default accounts 138
- Local account passwords 139
- --localaccept PWD command 140
- Password policies 141
- Password history policy 142
- Password expiration policy 143
- Account lockout policy 143
- Unlocking an account 144
- The boot PROM password 145
- Option Description 146
- Recovery Password: 147
- New password: 147
- Remote authentication 149
- Authentication server data 150
- Switch configuration 150
- Supported LDAP options 151
- Command options 151
- Fabric OS user accounts 152
- Item Value Description 153
- Windows 2000 IAS 154
- Linux FreeRADIUS server 154
- Setting up a RADIUS server 156
- • Creating the user 157
- • Enabling clients 157
- . IAS uses the Windows 159
- RSA RADIUS server 160
- • vid (Vendor-ID): 1588 161
- • type1 (Vendor-Type): 1 161
- Creating a user 164
- Creating a group 164
- Enabling group membership 166
- Assigning a user to a group 168
- Modifying an entry 168
- Example to add a group member 169
- TACACS+ service 171
- The tac_plus.cfg file 172
- Example enabling RADIUS 175
- Example enabling LDAP 175
- Example enabling TACACS+ 175
- Example for LDAP 176
- Example for TACACS+ 176
- Configuring Protocols 177
- Secure Copy 178
- Secure Shell protocol 179
- SSH public key authentication 180
- Browser and Java support 182
- SSL configuration overview 183
- Example of generating a key 184
- Example of generating a CSR 184
- Example of exporting a CSR 184
- Obtaining certificates 185
- The browser 186
- • Brocade-specific MIB trap 188
- • FibreAlliance MIB trap 188
- SNMP and Virtual Fabrics 189
- Telnet protocol 190
- Unblocking Telnet 191
- Listener applications 192
- Port configuration 193
- Configuring Security Policies 195
- ACL policy management 196
- Displaying ACL policies 197
- Activating ACL policy changes 197
- Deleting an ACL policy 197
- Example of removing a member 198
- FCS policies 199
- Creating an FCS policy 201
- FCS policy distribution 202
- DCC policy restrictions 203
- Creating a DCC policy 204
- Deleting a DCC policy 205
- SCC Policies 206
- Creating an SCC policy 207
- E_Port authentication 208
- Device authentication policy 210
- AUTH policy restrictions 211
- Authentication protocols 212
- Secret key pairs for DH-CHAP 213
- Setting a secret key pair 214
- FCAP configuration overview 215
- Exporting the CSR for FCAP 216
- Importing CA for FCAP 216
- IP Filter policy 217
- Creating an IP Filter policy 218
- Cloning an IP Filter policy 218
- Saving an IP Filter policy 218
- Deleting an IP Filter policy 219
- IP Filter policy rules 219
- Source address 220
- Destination port 220
- Protocol 221
- Implicit filter rules 222
- Default policy rules 222
- IP Filter policy enforcement 223
- Policy database distribution 224
- Distribution 225
- Fabric-wide enforcement 227
- Management interface security 231
- Gateway-to-gateway tunnel 232
- Endpoint-to-gateway tunnel 232
- IP sec protocols 233
- Security associations 233
- IP sec policies 234
- IKE policies 235
- Creating the tunnel 236
- In this chapter 241
- Configuration settings 241
- Configuration file format 242
- Chassis section 243
- Configuration file backup 244
- Restrictions 246
- Command Displays 247
- Restoring a configuration 248
- Security considerations 250
- Brocade configuration form 253
- HA sync state 257
- Active CP Fabric OS 258
- Standby CP Fabric OS 258
- HA sync state Remedy 258
- Connected switches 259
- Firmware download on switches 260
- Enabling the USB device 265
- Viewing the USB file system 265
- FIPS support 266
- The firmwareDownload command 267
- Managing Virtual Fabrics 275
- Logical switch overview 276
- Physical chassis 278
- Logical fabric overview 281
- Logical fabric and ISLs 282
- Base switch and extended ISLs 283
- Base fabric 285
- Logical ports 285
- Logical fabric formation 285
- Restrictions on XISLs 289
- Restrictions on moving ports 289
- Enabling Virtual Fabrics mode 290
- Example 291
- Deleting a logical switch 294
- Administering Advanced Zoning 303
- Zoning overview 304
- Approaches to zoning 305
- Zone objects 306
- Zone aliases 307
- Zone configurations 307
- Zoning enforcement 308
- Item Description 309
- Broadcast zones 310
- Creating an alias 313
- Adding members to an alias 313
- Deleting an alias 314
- Zone creation and maintenance 316
- Replacing zone members 319
- Deleting a zone 320
- Validating a zone 323
- Example warning message 324
- Default zoning mode 326
- Zone database size 327
- Enabling a zone configuration 330
- Deleting a zone configuration 331
- Zone object maintenance 333
- Deleting a zone object 334
- Renaming a zone object 335
- Zone configuration management 336
- Security and zoning 336
- Zone merging 336
- , even though members of the 338
- Zone merging scenarios 339
- Concurrent zone transactions 342
- Sample output: 343
- Traffic Isolation Zoning 345
- TI zone failover 346
- Enhanced TI zones 350
- General rules for TI zones 356
- Trunking with TI zones 359
- Creating a TI zone 364
- Example TI zone creation 365
- Modifying TI zones 367
- Deleting a TI zone 369
- Displaying TI zones 369
- FIGURE 47 TI over FCR example 371
- Bottleneck Detection 375
- Types of bottlenecks 376
- How bottlenecks are reported 376
- Credit Loss 379
- Setting a latency alert only 384
- Encryption 394
- Example output 396
- Availability considerations 398
- Limitations and restrictions 402
- Configuring encryption 404
- Configuring compression 404
- Disabling encryption 405
- Disabling compression 405
- Enabling compression 409
- Working with EX_Ports 411
- Example Setting a secret key 412
- EX_Port commands 418
- NPIV overview 419
- Upgrade considerations 420
- Fixed addressing mode 420
- 10-bit addressing mode 420
- Configuring NPIV 421
- Enabling and disabling NPIV 422
- Configuring FA-PWWNs 426
- Restrictions of FA-PWWN 431
- Admin Domain features 435
- Admin Domain access levels 435
- User-defined Admin Domains 436
- System-defined Admin Domains 436
- Home Admin Domains and login 438
- Admin Domain member types 439
- Admin Domains and switch WWNs 440
- Fabric Visible to AD3 User 441
- Fabric Visible to AD4 User 441
- Creating an Admin Domain 443
- Activating an Admin Domain 446
- Deactivating an Admin Domain 447
- Renaming an Admin Domain 448
- Deleting an Admin Domain 449
- AD0 with three zones 452
- CLI commands in an AD context 455
- • Root zone database 458
- • AD zone databases 458
- Admin Domains and LSAN zones 459
- Configuration file sections 460
- Licensed Features 461
- Administering Licensing 463
- Licensing overview 464
- Available Brocade licenses 464
- Brocade 7800 Upgrade license 470
- ICL licensing 471
- ICL 8-link license 472
- ICL 16-link license 472
- Enterprise ICL license 472
- 8G licensing 473
- Slot-based licensing 474
- 10G licensing 475
- Temporary licenses 478
- Date change restriction 479
- Expired licenses 480
- Universal temporary licenses 480
- Viewing installed licenses 481
- Activating a license 481
- Adding a licensed feature 481
- Removing a licensed feature 482
- Ports on Demand 483
- Displaying installed licenses 484
- Activating Ports on Demand 485
- Dynamic Ports on Demand 485
- Reserving a port license 488
- Inter-chassis Links 491
- Domain 1 492
- DCX 8510-8 492
- Domain 2 492
- Mesh topology 495
- Core-edge topology 496
- Monitoring Fabric Performance 499
- Maximum number of EE monitors 501
- Adding EE monitors 502
- Deleting EE monitors 504
- Frame monitoring 505
- Maximum number of offsets 506
- Creating a frame monitor 507
- Deleting frame types 507
- Displaying frame monitors 508
- Top Talker monitors 510
- Trunk monitoring 515
- Performance data collection 516
- Optimizing Fabric Behavior 517
- Ingress Rate Limiting 518
- • Enable QoS on F/FL_Ports 520
- • Enable QoS on E_Ports 520
- Supported configurations 521
- • Are 8-Gbps or 16-Gbps ports 524
- • Have trunking enabled 524
- • Have QoS disabled 524
- QoS zones 525
- QoS on E_Ports 526
- QoS over FC routers 527
- Managing Trunking Connections 533
- Types of trunking 534
- Masterless trunking 534
- Port groups for trunking 535
- Requirements for trunk groups 536
- Configuring trunk groups 538
- Trunk Area and Admin Domains 540
- EX_Port trunking 541
- Masterless EX_Port trunking 542
- Configuring EX_Port trunking 542
- F_Port trunking 543
- Category Description 546
- Disabling F_Port trunking 549
- Long -distance link modes 552
- Configuring an extended ISL 553
- Buffer credit management 555
- Fibre Channel data frames 557
- • If QoS is enabled: 558
- Downgrade considerations 565
- Buffer credit recovery 566
- FC-FC routing overview 569
- • EX_Port and VEX_Port 572
- • Edge fabric 572
- • Backbone fabric 572
- • Inter-fabric link (IFL) 572
- • Logical SANs (LSANs) 573
- • Proxy device 573
- • Proxy PID 573
- • Fabric ID (FID) 574
- • MetaSAN 574
- Proxy devices 575
- FC-FC routing topologies 576
- Phantom domains 577
- Setting up FC-FC routing 579
- Backbone fabric IDs 581
- FCIP tunnel configuration 582
- • 1000 for an EX_Port IFL 587
- • 10,000 for a VEX_Port IFL 587
- Port cost considerations 588
- LSAN zone configuration 590
- LSAN Zone Limit 3000 594
- LSAN Zone Limit 5000 594
- Enforce tag 595
- Speed tag 595
- Rules for LSAN tagging 596
- Configuring a Speed LSAN tag 597
- Removing an LSAN tag 597
- LSAN zone binding 598
- FIGURE 81 LSAN zone binding 599
- How LSAN zone binding works 600
- FC router matrix definition 601
- LSAN fabric matrix definition 601
- Setting up LSAN zone binding 602
- Proxy PID configuration 603
- Inter-fabric broadcast frames 604
- Resource monitoring 604
- Port Indexing 611
- FIPS Support 615
- Zeroization functions 616
- FIPS mode configuration 617
- LDAP in FIPS mode 618
- Setting up LDAP for FIPS mode 619
- Key Sub-key 620
- Preparing a switch for FIPS 621
- Overview of steps 622
- Enabling FIPS mode 622
- Zeroizing for FIPS 624
- Displaying FIPS configuration 625
- Hexadecimal Conversion 627
- Numerics 631
Powiązane produkty i podręczniki dla Oprogramowanie Dell Brocade 300
(188 strony)© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.071 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji