Fibre Channel (SAN)

Reply
New Contributor
Posts: 4
Registered: ‎08-04-2013

How to restore factory settings without CLI at Brocade SAN 4Gb?

Hi guys,

we have two Brocade SAN 4Gb Fibre switches installed in our c-class,

our customer requested to provide info on how to disable the SSH on the switch,

so I've created a new policy with blocking the SSH from any ip4 address,

after applying the policy I can't connect to switch using the standard web interface, telnet or ssh,

the C-class chassis management interface also not realy helpful in this case,

so at this point I have no way to manage the switch,

the web interface returns with following message:

Interface disabled

This Interface (<my ip>) has been disabled by the administrator.

As I get it - my only option now is to restore factory settings , but switch has no serial , no ssh and etc...

So my first question is - why it's failed since I only blocked the SSH?

How can I restore the factory settings or remove the blocking policy?

Please advice.

Valued Contributor
Posts: 931
Registered: ‎12-30-2009

Re: How to restore factory settings without CLI at Brocade SAN 4Gb?

So my first question is - why it's failed since I only blocked the SSH?


Apparently you've did something more that just block ssh.

What is unknown as you haven't posted the policy


How can I restore the factory settings or remove the blocking policy?


I believe the SAN switch is internally connected to the onboard administrator with its serial port, but have to check that at work.

Alternatively you could look for the user guide on HP's website.

Valued Contributor
Posts: 931
Registered: ‎12-30-2009

Re: How to restore factory settings without CLI at Brocade SAN 4Gb?

Ok,

To get into your switch;

  1. SSH into the active onboard administrator module.
  2. execute  show interconnect list all, it will list similar output as below
    Bay Interconnect Type     Manufacturer      Power   Health   UID  Management IP 
    --- ----------------- -------------------- ------- --------- --- ---------------  
    1      Ethernet                   HP                          On      OK        Off  0.0.0.0  
    2      Fibre Channel          BROCADE              On      OK        Off  0.0.0.0
    In my case the switch is in bay 2, yours could be located in a different bay
  3. execute connect interconnect {your bay number}, it should come back with output similar as

    NOTICE: This pass-thru connection to the integrated I/O console

    is provided for convenience and does not supply additional access

    control.  For security reasons, use the password features of the

    integrated switch.

    Connecting to integrated switch 2 at 9600,N81...

    Escape character is '<Ctrl>_' (Control + Shift + Underscore)

    Press to display the switch console:

    Fabric OS (swd77)

  4. do your thing
New Contributor
Posts: 4
Registered: ‎08-04-2013

Re: How to restore factory settings without CLI at Brocade SAN 4Gb?

the policy had 1 rule :

ip4: 0.0.0.0/0 SSH tcp Deny

position of the policy was first before the 2 default policies, so basically I don't get why it's blocked all protocols

I've opened the default policies on the second switch, for ip4 it has SSH/22 tcp Allow as a first rule,

maybe 2 of these rules somehow bring the system to blocked state...

chassis onboard management has no ability to restore something on the switch, it provides the basic info and ability to launch the switch management interface, which is blocked now....

New Contributor
Posts: 4
Registered: ‎08-04-2013

Re: How to restore factory settings without CLI at Brocade SAN 4Gb?

yes!!!

the on board management, via web browser doesn't support the switch management but through it's SSH it does!!!

Great! thanks for help !!!

Valued Contributor
Posts: 931
Registered: ‎12-30-2009

Re: How to restore factory settings without CLI at Brocade SAN 4Gb?

No problem

New Contributor
Posts: 4
Registered: ‎08-04-2013

Re: How to restore factory settings without CLI at Brocade SAN 4Gb?

just for clarification for others,

I did mistake while creating a new policy,

there I've created only one rule for SSH blocking since I assumed that other traffic types are allowed by default,

but they're not, if there's no rule for protocol - it's blocked,

so when I've activated the policy with one blocking SSH rule it blocked the whole thing as well

Super Contributor
Posts: 445
Registered: ‎04-08-2009

Re: How to restore factory settings without CLI at Brocade SAN 4Gb?

Thanks for clarifying anatoly.cherney.  I'm sure this thread as well as the details on it, will definitely help the next person who runs into this. 

Regards,

Mike Eversole
Brocade Community Manager

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.