turn on suggestions
![]() Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
|
01-27-2010 07:17 AM
I am trying to merge I10K running code version 09.06.02 7 and a Brocade 5100 running v6.1 2b.
These are both set to Open Fabric mode. I10K has domian id of 97(1) and the 5100 has 98(2).
All ports set to E and specified speed of 2Gb (I10K port speed).
Will not merge together, I am getting the following message amongst others:
2010/01/27-14:31:55, , 1554,, WARNING, ACP-COD-SWB1, port 0, ESA Rjt,
incompat sec attrb.
This implies I need to change security attributes, but I can't find the details of what to change anywhere.
I have managed to get the same scenario working on the A side of our fabric solution, with identical hardware running identical firmware versions.
Can anyone help identify how to overcome this issue? The I10K is a Shared Customer solution and is live, so I cannot make any disruptive changes to that fabric at this time.
Message was edited by: Scott Eva I have also found the following Fabric messages: Date/Time Description Event Data Ports (RSCN only) ------------------- ---------------------------------------------------- --------------------------------------------------------------------------------------- ----------------- 2010/01/27 15:26:19 E_Port or potential E_Port set to Invalid Attachment Port Number=156, IA Reason=INV_ATT_ESA_SECURITY_MISMATCH 2010/01/27 15:26:16 E_Port or potential E_Port set to Invalid Attachment Port Number=134, IA Reason=INV_ATT_ESA_SECURITY_MISMATCH 2010/01/27 15:25:35 E_Port or potential E_Port set to Invalid Attachment Port Number=134, IA Reason=INV_ATT_ESA_SECURITY_MISMATCH 2010/01/27 15:24:08 E_Port or potential E_Port set to Invalid Attachment Port Number=134, IA Reason=INV_ATT_ESA_SECURITY_MISMATCH 2010/01/27 15:24:08 E_Port or potential E_Port set to Invalid Attachment Port Number=156, IA Reason=INV_ATT_ESA_SECURITY_MISMATCH
01-27-2010 07:41 AM
--->>> I10K has domian id of 97(1) and the 5100 has 98(2).
Show here, Step 3
http://community.brocade.com/home/docs/DOC-1639
Message --->>>
Recommended Action
Based on the segmentation reason displayed within the message, look for a possible mismatch of
relevant configuration parameters in the switches at both ends of the link.
Run the configure command to modify the appropriate switch parameters on both the local and
remote switch.
--->>> I am trying to merge I10K running code version 09.06.02 7 and a Brocade 5100 running v6.1 2b.
It is highly recommended that M-EOS products operate with the most recent version of M-EOS
released and supported for interoperability. M-EOS 9.8.0 is the minimum version of firmware that is
qualified to interoperate with FOS 6.1.2 a, b, and c or later.
01-27-2010 07:49 AM
Hi
The interop matrices show the 2 code levels to be acceptable and I have managed to achieve fabric merge on the alternate side of the fabric using the same kit and code levels.
I have looked at all attributes I can think of, and these are all compatible. I am trying to better understand the relevant SEC messages, but cannot find any documentation anywhere that relates to either the FABR1001 or possible security changes.
I have seen documentation suggesting to check the zoning isolation security mode, but have no idea how to check or modify those values.
01-27-2010 07:59 AM
The security Mode must be changed in the M-EOS also i10k, but you get a risk that the Fabric Crash.
FABR1001 Description can you find in the Fabric OS Message Reference Manuals.
the rest remain as mentioned in my preview answer.
Probable you have managed another fabric with the same EOS and FOS level, but this is not Brocade Approved and/ or Certified.
01-27-2010 08:03 AM
If I have to upgrade the firmware, then I will do it, but it doesn't explain why 2 identical setups have 2 differnet results.
In the meantime, yes, I want to change security paramaters, but can't find any documentation saying what parameters should be checked. Bearing in mind the I10K and 5100 have differnt commands, can anyone suggest the commands I need to run/query?
01-27-2010 08:23 AM
When you login to the i10k trough the GUI, i believe here is a Security Tab -> Safe Zoning Mode.
is this enabled or disabled ?
what is the Error Code in the i10k Event Log ?
01-28-2010 02:05 AM
Hi TechHelp24
We manage the I10K through EFCM but do not have that option visible through the GUI. I have found the setting through the cli. Should safezoning mode be enabled or disabled?
The most relevant messages I receive on the I10K logs in the security report, which details the following:
Severity User Reason Description Date/Time Count Category Role Interface IP
------------- -------- ------ --------------------------------- ------------------- ----- --------------------- ---- --------- --
Informational 10304 Incompatible E_Port Security Attr 2010/01/26 16:47:02 0 Authorization Failure
Informational 10304 Incompatible E_Port Security Attr 2010/01/26 16:45:43 0 Authorization Failure
Informational 10304 Incompatible E_Port Security Attr 2010/01/26 16:40:17 0 Authorization Failure
Informational 10304 Incompatible E_Port Security Attr 2010/01/26 16:31:36 0 Authorization Failure
Informational 10304 Incompatible E_Port Security Attr 2010/01/26 16:30:42 0 Authorization Failure
Informational 10304 Incompatible E_Port Security Attr 2010/01/26 16:30:42 0 Authorization Failure
The Errshow command lists the following:
2010/01/27-14:31:55, , 1554,, WARNING, ACP-COD-SWB1, port 0, ESA Rjt,
incompat sec attrb.
01-28-2010 02:49 AM
--->>> We manage the I10K through EFCM but do not have that option visible through the GUI.
from Web Browser http://switch_ip_address
The output you post here is not from Event Log, but i believe Code 10304 is a Error reported from Radius.
Have you in the environment's Radius Credential ?
--->>> Should safezoning mode be enabled or disabled?
If no, set as disable, but not warranty.