53-1001816-01

30 March 2010

iSCSI Gateway Service Administrator's Guide

Supporting Fabric OS v6.4.0

Copyright 2010 Brocade Communications Systems, Inc. All Rights Reserved.


Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron,
SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health
are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands,
products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their
respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning
any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to
this document at any time, without notice, and assumes no responsibility for its use. This informational document describes
features that may not be currently available. Contact a Brocade sales office for information on feature and product availability.
Export of technical data contained in this document may require an export license from the United States government.
The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with
respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that
accompany it.
The product described by this document may contain open source software covered by the GNU General Public License or other
open source license agreements. To find out which open source software is included in Brocade products, view the licensing
terms applicable to the open source software, and obtain a copy of the programming source code, please visit
http://www.brocade.com/support/oscd.

Brocade Communications Systems, Incorporated


Corporate and Latin American Headquarters
Brocade Communications Systems, Inc.
1745 Technology Drive
San Jose, CA 95110
Tel: 1-408-333-8000
Fax: 1-408-333-8101
E-mail: info@brocade.com

Asia-Pacific Headquarters
Brocade Communications Systems China HK, Ltd.
No. 1 Guanghua Road
Chao Yang District
Units 2718 and 2818
Beijing 100020, China
Tel: +8610 6588 8888
Fax: +8610 6588 9999
E-mail: china-info@brocade.com

European Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour B - 4ème étage
29, Route de l'Aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 5640
Fax: +41 22 799 5641
E-mail: emea-info@brocade.com

Asia-Pacific Headquarters
Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)
Citic Plaza
No. 233 Tian He Road North
Unit 1308 13th Floor
Guangzhou, China
Tel: +8620 3891 2000
Fax: +8620 3891 2111
E-mail: china-info@brocade.com

Document History

Title                                         Publication number   Summary of changes   Date
iSCSI Gateway Service Administrator's Guide   53-1001816-01        New document         March 2010

Contents

About This Document

In this chapter
How this document is organized
Supported hardware and software
What's new in this document
Document conventions
Text formatting
Command syntax conventions
Command examples
Notes, cautions, and warnings
Key terms
Notice to the reader
Additional information
Brocade resources
Other industry resources
Getting technical help
Document feedback

Chapter 1

Introduction to the iSCSI Gateway Service

In this chapter
iSCSI gateway service overview
iSCSI session translation
Basic and advanced LUN mapping
Basic LUN mapping
Advanced LUN mapping
iSCSI component identification of the IQN prefix
Changing and displaying the IQN prefix
Access control with discovery domains
Switch-to-iSCSI initiator authentication
Load balancing through connection redirection
Enabling and disabling connection redirection for load balancing
Displaying connection redirection status
Supported iSCSI initiators
Checklist for configuring iSCSI

Chapter 2

Configuring the FC4-16IP Blade

In this chapter
FC4-16IP port numbering
Enabling the iSCSI gateway service
Enabling GbE ports
Configuring the GbE interface

Chapter 3

Configuring iSCSI Virtual Targets

In this chapter
iSCSI virtual target configuration
Automatic iSCSI VT creation
Manual iSCSI VT creation
Displaying the iSCSI virtual target LUN map
Displaying iSCSI VT state and status
Discovery domain and domain set configuration
Displaying iSCSI initiator IQNs
Creating discovery domains
Creating and enabling a discovery domain set
iSCSI initiator-to-VT authentication configuration
Setting the user name and shared secret
Binding user names to an iSCSI VT
Deleting user names from an iSCSI VT binding list
Displaying CHAP configurations
Committing the iSCSI-related configuration
Resolving conflicts between iSCSI configurations
LUN masking considerations

Chapter 4

Creating the iSCSI FC Zone

In this chapter
iSCSI FC zoning overview
iSCSI FC zone creation
Zoning configuration creation
Creating and enabling a zoning configuration

Chapter 5

Administering the iSNS Client

In this chapter
iSNS client service configuration
Displaying iSNS client service status
Enabling the iSNS client service
Disabling the iSNS client service
Clearing the iSNS client configuration

Chapter 6

Troubleshooting iSCSI

In this chapter
Connectivity
Zoning
Authentication

Index

Figures

Figure 1    iSCSI gateway network
Figure 2    iSCSI gateway service basic implementation
Figure 3    iSCSI-to-FC translation
Figure 4    iSCSI VT basic LUN mapping
Figure 5    iSCSI VT advanced LUN mapping
Figure 6    IQN example
Figure 7    Discovery domain set configuration example
Figure 8    FC4-16IP ports
Figure 9    iSCSI gateway service in an iSCSI FC zone
Figure 10   iSCSI network with iSNS server and clients

About This Document

In this chapter
How this document is organized
Supported hardware and software
What's new in this document
Document conventions
Notice to the reader
Additional information
Getting technical help
Document feedback

How this document is organized


This document is organized to help you find the information that you want as quickly and easily as
possible.
The document contains the following components:

Chapter 1, Introduction to the iSCSI Gateway Service, describes the iSCSI gateway service
supported on the Brocade 48000 director running Fabric OS v6.1.0 or higher with one or more
iSCSI-enabled FC4-16IP blades.

Chapter 2, Configuring the FC4-16IP Blade, provides the initial setup steps to deploy an iSCSI
gateway solution.

Chapter 3, Configuring iSCSI Virtual Targets, describes how to create iSCSI virtual targets,
discovery domains, and discovery domain sets. It also describes how to configure
iSCSI VT-to-iSCSI initiator authentication.

Chapter 4, Creating the iSCSI FC Zone, describes how to create an iSCSI zone for discovery
domains.

Chapter 5, Administering the iSNS Client, describes how to enable the iSNS client on an iSCSI
gateway and configure it with an iSNS server.

Supported hardware and software


This document is specific to Fabric OS v6.4.0 running on the Brocade 48000 director with an
FC4-16IP blade installed.

What's new in this document


This is a new document. In previous releases, the information in this document was included in a
chapter of the Fabric OS Administrator's Guide.
Other than moving the iSCSI information from the Fabric OS Administrator's Guide to this
document, no other changes were made.

Document conventions
This section describes text formatting conventions and important notice formats used in this
document.

Text formatting
The narrative-text formatting conventions that are used are as follows:
bold text      Identifies command names
               Identifies the names of user-manipulated GUI elements
               Identifies keywords and operands
               Identifies text to enter at the GUI or CLI

italic text    Provides emphasis
               Identifies variables
               Identifies paths and Internet addresses
               Identifies document titles

code text      Identifies CLI output
               Identifies command syntax examples

For readability, command names in the narrative portions of this guide are presented in mixed
lettercase: for example, switchShow. In actual examples, command lettercase is all lowercase.

Command syntax conventions


Command syntax in this manual follows these conventions:

command            Commands are printed in bold.
--option, option   Command options are printed in bold.
-argument, arg     Arguments.
[]                 Optional element.
variable           Variables are printed in italics. In the help pages, values are underlined or
                   enclosed in angled brackets < >.
...                Repeat the previous element, for example member[;member...]
value              Fixed values following arguments are printed in plain font. For example,
                   --show WWN
|                  Boolean. Elements are exclusive. Example: --show -mode egress | ingress

Command examples
This book describes how to perform configuration tasks using the Fabric OS command line
interface, but does not describe the commands in detail. For complete descriptions of all Fabric OS
commands, including syntax, operand description, and sample output, see the Fabric OS
Command Reference.

Notes, cautions, and warnings


The following notices and statements are used in this manual. They are listed below in order of
increasing severity of potential hazards.

NOTE
A note provides a tip, guidance or advice, emphasizes important information, or provides a reference
to related information.

ATTENTION
An Attention statement indicates potential damage to hardware or data.

CAUTION
A Caution statement alerts you to situations that can be potentially hazardous to you or cause
damage to hardware, firmware, software, or data.

DANGER
A Danger statement indicates conditions or situations that can be potentially lethal or extremely
hazardous to you. Safety labels are also attached directly to products to warn of these conditions
or situations.

Key terms
For definitions specific to Brocade and Fibre Channel, see the technical glossaries on MyBrocade.
See Brocade resources on page xii for instructions on accessing MyBrocade.
For definitions of SAN-specific terms, visit the Storage Networking Industry Association online
dictionary at:
http://www.snia.org/education/dictionary

Notice to the reader


This document may contain references to the trademarks of the following corporations. These
trademarks are the properties of their respective companies and corporations.
These references are made for informational purposes only.
Corporation                            Referenced Trademarks and Products
Microsoft Corporation                  Windows, Windows NT, Internet Explorer
Sun Microsystems, Inc.                 Sun, Solaris
Netscape Communications Corporation    Netscape
Red Hat, Inc.                          Red Hat, Red Hat Network, Maximum RPM, Linux Undercover

Additional information
This section lists additional Brocade and industry-specific documentation that you might find
helpful.

Brocade resources
To get up-to-the-minute information, go to http://my.brocade.com to register at no cost for a user ID
and password.
For practical discussions about SAN design, implementation, and maintenance, you can obtain
Building SANs with Brocade Fabric Switches through:
http://www.amazon.com
White papers, online demos, and data sheets are available through the Brocade Web site at:
http://www.brocade.com/products-solutions/products/index.page
For additional Brocade documentation, visit the Brocade Web site:
http://www.brocade.com
Release notes are available on the MyBrocade web site and are also bundled with the Fabric OS
firmware.

Other industry resources


For additional resource information, visit the Technical Committee T11 Web site. This Web site
provides interface standards for high-performance and mass storage applications for Fibre
Channel, storage management, and other applications:
http://www.t11.org
For information about the Fibre Channel industry, visit the Fibre Channel Industry Association Web
site:
http://www.fibrechannel.org

Getting technical help


Contact your switch support supplier for hardware, firmware, and software support, including
product repairs and part ordering. To expedite your call, have the following information available:
1. General Information

Switch model
Switch operating system version
Software name and software version, if applicable
Error numbers and messages received
supportSave command output
Detailed description of the problem, including the switch or fabric behavior immediately
following the problem, and specific questions
Description of any troubleshooting steps already performed and the results
Serial console and Telnet session logs
syslog message logs

2. Switch Serial Number

The switch serial number and corresponding bar code are provided on the serial number label,
as illustrated below:
*FT00X0054E9*
FT00X0054E9
The serial number label is located as follows:

Brocade 300, 4100, 4900, 5100, 5300, 7500, 7800, 8000, and Brocade Encryption
Switch: On the switch ID pull-out tab located inside the chassis on the port side on the left
Brocade 5000: On the switch ID pull-out tab located on the bottom of the port side of the
switch
Brocade 7600: On the bottom of the chassis
Brocade 48000: Inside the chassis next to the power supply bays
Brocade DCX: On the bottom right on the port side of the chassis
Brocade DCX-4S: On the bottom right on the port side of the chassis, directly above the
cable management comb.

3. World Wide Name (WWN)

Use the licenseIdShow command to display the WWN of the chassis.
If you cannot use the licenseIdShow command because the switch is inoperable, you can get
the WWN from the same place as the serial number, except for the Brocade DCX. For the
Brocade DCX, access the numbers on the WWN cards by removing the Brocade logo plate at
the top of the nonport side of the chassis.

Document feedback
Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and
completeness of this document. However, if you find an error or an omission, or you think that a
topic needs further development, we want to hear from you. Forward your feedback to:
documentation@brocade.com
Provide the title and version number of the document and as much detail as possible about your
comment, including the topic heading and page number and your suggestions for improvement.

Chapter 1

Introduction to the iSCSI Gateway Service

In this chapter
iSCSI gateway service overview
iSCSI session translation
Basic and advanced LUN mapping
iSCSI component identification of the IQN prefix
Access control with discovery domains
Switch-to-iSCSI initiator authentication
Load balancing through connection redirection
Supported iSCSI initiators
Checklist for configuring iSCSI

iSCSI gateway service overview


This chapter describes the FC4-16IP blade iSCSI gateway service. The iSCSI gateway service is
supported only on the Brocade 48000 director running Fabric OS v6.1.0 or later with one or more
iSCSI-enabled FC4-16IP blades.
The FC4-16IP iSCSI gateway service is an intermediate device in the network, allowing iSCSI
initiators in an IP SAN to access and utilize storage in a Fibre Channel (FC) SAN as shown in
Figure 1.
FIGURE 1   iSCSI gateway network
[Diagram labels: iSCSI initiator, IP network, FC4-16IP iSCSI gateway, SAN, FC target 1 and FC target 2 with their LUNs.]

The iSCSI gateway provides the following services to the iSCSI initiators:

Access to the fabric using virtual FC devices (iSCSI virtual initiator)


Target registration to an iSCSI Name Server (iSNS) for discovery
iSCSI initiator access control using discovery domains and a discovery domain set
Session management, such as session tracking and performance monitoring
Session authentication using CHAP

NOTE

The FC4-16IP iSCSI gateway service is not compatible with other iSCSI gateway platforms, including
Brocade iSCSI Gateway or the Brocade Multiprotocol Router.

iSCSI session translation


The iSCSI gateway enables applications on an IP network to use an iSCSI initiator to connect to FC
targets. The iSCSI gateway translates iSCSI protocol to Fibre Channel Protocol (FCP), bridging the IP
network and FC SAN. Figure 2 shows a basic implementation.
FIGURE 2   iSCSI gateway service basic implementation
[Diagram labels: iSCSI initiator, IP network, FC4-16IP iSCSI gateway (IP portal, iSCSI virtual target (VT), iSCSI virtual initiator (VI), FC portal), SAN, FC target 1 and FC target 2 with their LUNs.]

The Brocade FC4-16IP blade acts as an iSCSI gateway between FC-attached targets and iSCSI
initiators. On the iSCSI initiator, iSCSI is mapped between the SCSI driver and the TCP/IP stack. At
the iSCSI gateway port, the incoming iSCSI data is converted to FCP (SCSI on FC) by the iSCSI
virtual initiator, and then forwarded to the FC target. This allows low-cost servers to leverage an
existing FC infrastructure.
To represent all iSCSI initiators and sessions, each iSCSI portal has one iSCSI virtual initiator (VI) to
the FC fabric that appears as an N_Port device with a special WWN format. Regardless of the
number of iSCSI initiators or iSCSI sessions sharing the portal, Fabric OS uses one iSCSI VI per
iSCSI portal.
Figure 3 shows the interaction of different layers from the iSCSI initiator stack to the FC target
stack, including the iSCSI gateway service used during protocol translation.
FIGURE 3   iSCSI-to-FC translation
[Diagram of protocol stacks. iSCSI initiator: Application, SCSI, iSCSI, TCP/IP. iSCSI gateway service: iSCSI virtual target (VT) with iSCSI over TCP/IP, and iSCSI virtual initiator (VI) with FCP (FC-4) over FC (FC-2/FC-3). FC target: Storage (device server), SCSI, FCP, FC.]

Basic and advanced LUN mapping


Fabric OS provides the following two methods to map physical FC targets (LUNs) to iSCSI virtual
targets (VTs):

basic LUN mapping


advanced LUN mapping

Basic LUN mapping


Fabric OS provides a mechanism that maps LUNs to iSCSI VTs, a one-to-one mapping with unique
iSCSI qualified names (IQNs) for each target. It presents an iSCSI VT for each native FC target to the
IP network and an iSCSI VI for each iSCSI port to the FC fabric.
Figure 4 shows a basic LUN mapping scenario for an FC target with four LUNs.

FIGURE 4   iSCSI VT basic LUN mapping
[Diagram: the LUNs of an FC target mapped one-to-one to the LUNs of an iSCSI virtual target (VT).]

Advanced LUN mapping


iSCSI VTs can be mapped to more than one physical FC target, and the LUNs can be mapped to
different virtual LUNs. Figure 5 shows an advanced mapping scenario.

FIGURE 5   iSCSI VT advanced LUN mapping
[Diagram: LUNs of FC target 1 and FC target 2 mapped to virtual LUNs on iSCSI virtual targets 1, 2, and 3.]

iSCSI component identification of the IQN prefix


Unique IQNs are used to identify each iSCSI VT. The format for the IQN is
type.date.naming_authority:user_defined. The type.date.naming_authority portion is a
fixed prefix. The default prefix is iqn.2002-12.com.brocade.
The Brocade iSCSI gateway service supports IQN only to identify the iSCSI components, such as the
iSCSI initiator and iSCSI VT. Every iSCSI initiator and iSCSI VT on the same network and SAN must
have a unique IQN.
A Brocade-created IQN includes 2002-12.com.brocade and the device WWN as shown in the
following example:
Type Date    Auth        User defined
+--++-------++----------++----------------------+
iqn.2002-12.com.brocade:10:00:00:05:1e:aa:bb:cc

A Microsoft-created IQN includes microsoft and the system name:


iqn.2003-11.com.microsoft:win2k-sn-192168101

Figure 6 shows an iSCSI gateway that has three iSCSI VTs and two iSCSI initiators.

FIGURE 6   IQN example
[Diagram: iSCSI initiators A and B connect over the IP network to three iSCSI virtual targets (VTs) in the iSCSI gateway service.]
iSCSI initiator A   iqn.2003-11.com.microsoft:win2k-sn-192168101
iSCSI initiator B   iqn.2003-11.com.microsoft:win2k-sn-192168102
VT 1                iqn.2002-12.com.brocade:10:00:00:05:1e:aa:bb:cc
VT 2                iqn.2002-12.com.brocade:10:00:00:05:1e:cc:bb:aa
VT 3                iqn.2002-12.com.brocade:10:00:00:05:1e:bb:cc:aa

You may create a different IQN prefix using the iscsiSwCfg --modifygw -t tgtname command. The
prefix portion may be used to identify companies or organizations (for example, Brocade or
Microsoft). Your organization may suggest or require a specific format for the prefix portion of the
IQN.

Changing and displaying the IQN prefix


1. Connect and log in to the switch.
2. To change the IQN prefix, enter the iscsiSwCfg --modifygw -t tgtname command, where tgtname is
the value you want to use as the IQN prefix.
switch:admin> iscsiswcfg --modifygw -t iqn.2007-10.com.brocade
The operation completed successfully

3. Enter the iscsiSwCfg --showgw command.


switch:admin> iscsiswcfg --showgw
Target name is: iqn.2007-10.com.brocade
The operation completed successfully
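
The following Python check is an added example, not part of the Brocade guide or Fabric OS. It validates a proposed prefix against the type.date.naming_authority format before it is passed to iscsiSwCfg --modifygw -t, builds a VT name from a prefix and a WWN as in the Brocade-created example, and audits an inventory for malformed or non-unique IQNs. The function names and the sample inventory are constructed; treating the date as yyyy-mm, the naming authority as a reversed domain name, and names as case-insensitive are assumptions.

```python
import re
from collections import defaultdict

# Fixed prefix: type.date.naming_authority. Assumptions: type is "iqn", date is
# yyyy-mm, and the naming authority is a reversed domain name such as com.brocade.
PREFIX_RE = re.compile(
    r"^(?P<type>iqn)\.(?P<date>\d{4}-(?:0[1-9]|1[0-2]))"
    r"\.(?P<authority>[a-z0-9-]+(?:\.[a-z0-9-]+)+)$"
)
WWN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$")


def parse_prefix(prefix):
    """Return type, date and naming authority of an IQN prefix, or raise ValueError."""
    m = PREFIX_RE.match(prefix.strip().lower())
    if m is None:
        raise ValueError(f"not a type.date.naming_authority prefix: {prefix!r}")
    return m.groupdict()


def parse_iqn(iqn):
    """Split a full IQN at the first ':' into prefix fields and the user-defined part."""
    prefix, sep, user_defined = iqn.strip().lower().partition(":")
    fields = parse_prefix(prefix)
    fields["prefix"] = prefix
    fields["user_defined"] = user_defined if sep else ""
    return fields


def vt_iqn(prefix, wwn):
    """Build a VT name as in the Brocade-created example: prefix + ':' + device WWN."""
    parse_prefix(prefix)                       # reject a malformed prefix early
    wwn = wwn.strip().lower()
    if not WWN_RE.match(wwn):
        raise ValueError(f"not a WWN: {wwn!r}")
    return f"{prefix.strip().lower()}:{wwn}"


def audit_names(iqns):
    """Report malformed names and names that collide once case is ignored."""
    malformed, seen = [], defaultdict(list)
    for name in iqns:
        try:
            parse_iqn(name)
        except ValueError:
            malformed.append(name)
            continue
        seen[name.strip().lower()].append(name)
    duplicates = {k: v for k, v in seen.items() if len(v) > 1}
    return {"malformed": malformed, "duplicates": duplicates}


# Constructed inventory: two well-formed names in the style of this section, one
# name with a mistyped type field, and one case-variant duplicate of a VT name.
SAMPLE_INVENTORY = [
    "iqn.2003-11.com.microsoft:win2k-sn-192168101",
    "iiqn.2003-11.com.microsoft:win2k-sn-192168102",
    "iqn.2002-12.com.brocade:10:00:00:05:1e:aa:bb:cc",
    "IQN.2002-12.com.brocade:10:00:00:05:1E:AA:BB:CC",
]

if __name__ == "__main__":
    print(parse_prefix("iqn.2007-10.com.brocade"))
    print(audit_names(SAMPLE_INVENTORY))
```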

Access control with discovery domains


You can limit access to iSCSI VTs using a discovery domain (DD). A discovery domain is a group of
iSCSI initiators and iSCSI VTs. The iSCSI initiators can access only the iSCSI VTs that are in the
same discovery domain.
Discovery domains are grouped together in a discovery domain set (DDSet). The active discovery
domain set enforces the fabric-wide iSCSI VT access. Only the DDs in the active DDSet are
enforced. You can create multiple discovery domain sets but only one set can be active at a time.
It is also possible to present a single iSCSI portal IP address to the iSCSI initiator when the default
iSCSI port configuration is in effect, and connection redirection is disabled on the blade.

Figure 7 shows a discovery domain set (DDSet 1) that contains two discovery domains (DD1 and
DD2). When DDSet 1 is active, iSCSI initiator A can access only iSCSI VT 1 and iSCSI initiator B can
access only VT 2 and VT 3.
FIGURE 7   Discovery domain set configuration example
[Diagram: in the iSCSI gateway service, DDSet 1 contains DD1 (iSCSI initiator A and VT 1) and DD2 (iSCSI initiator B, VT 2, and VT 3); the initiators connect over the IP network.]
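
The following Python model is an added example, not part of the Brocade guide or Fabric OS. It computes which VTs each initiator can reach under the active DDSet described for Figure 7, and reports what access would be gained or lost if a different DDSet were activated, which is the review to do before switching sets. The class and function names and "DDSet2" are constructed; the IQNs are those of Figure 6. The guide does not say what happens when no DDSet is active, so the model refuses to answer in that case.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional

# IQNs from Figure 6 of this guide.
INIT_A = "iqn.2003-11.com.microsoft:win2k-sn-192168101"
INIT_B = "iqn.2003-11.com.microsoft:win2k-sn-192168102"
VT1 = "iqn.2002-12.com.brocade:10:00:00:05:1e:aa:bb:cc"
VT2 = "iqn.2002-12.com.brocade:10:00:00:05:1e:cc:bb:aa"
VT3 = "iqn.2002-12.com.brocade:10:00:00:05:1e:bb:cc:aa"


@dataclass(frozen=True)
class DiscoveryDomain:
    name: str
    initiators: FrozenSet[str]
    targets: FrozenSet[str]


@dataclass
class GatewayPolicy:
    ddsets: Dict[str, List[DiscoveryDomain]] = field(default_factory=dict)
    active: Optional[str] = None          # only one DDSet can be active at a time

    def activate(self, name):
        if name not in self.ddsets:
            raise KeyError(name)
        self.active = name                # replaces the previously active set

    def _resolve(self, ddset):
        name = ddset or self.active
        if name is None:
            raise ValueError("no active DDSet; behavior not described in the guide")
        return self.ddsets[name]

    def allowed_targets(self, initiator, ddset=None):
        """VTs that share at least one discovery domain with the initiator."""
        allowed = set()
        for dd in self._resolve(ddset):
            if initiator in dd.initiators:
                allowed |= dd.targets
        return allowed

    def access_matrix(self, ddset=None):
        domains = self._resolve(ddset)
        initiators = set().union(*(dd.initiators for dd in domains))
        return {i: self.allowed_targets(i, ddset) for i in sorted(initiators)}


def activation_diff(policy, candidate):
    """Access gained or lost per initiator if `candidate` replaced the active DDSet."""
    before = policy.access_matrix()
    after = policy.access_matrix(candidate)
    diff = {}
    for init in sorted(set(before) | set(after)):
        old, new = before.get(init, set()), after.get(init, set())
        if old != new:
            diff[init] = {"gained": new - old, "lost": old - new}
    return diff


def figure7_policy():
    policy = GatewayPolicy()
    # DDSet 1 as described for Figure 7.
    policy.ddsets["DDSet1"] = [
        DiscoveryDomain("DD1", frozenset({INIT_A}), frozenset({VT1})),
        DiscoveryDomain("DD2", frozenset({INIT_B}), frozenset({VT2, VT3})),
    ]
    # Constructed, not from the guide: an inactive set with one broad domain.
    policy.ddsets["DDSet2"] = [
        DiscoveryDomain("DD3", frozenset({INIT_A, INIT_B}),
                        frozenset({VT1, VT2, VT3})),
    ]
    policy.activate("DDSet1")
    return policy


if __name__ == "__main__":
    p = figure7_policy()
    print(p.access_matrix())
    print(activation_diff(p, "DDSet2"))
```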

Switch-to-iSCSI initiator authentication


iSCSI sessions are authenticated using CHAP (Challenge Handshake Authentication Protocol). The
iSCSI gateway service supports the following three strategies for CHAP authentication:

One-way: Only the iSCSI VT authenticates the session.
Mutual: Both the iSCSI initiator and the iSCSI VT authenticate the session.
Binding user names: Specific user names can be bound to an iSCSI VT. Only those user names
can be used for authentication during iSCSI login.

NOTE
iSCSI gateway service does not support IPSec.
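
The following Python model is an added example, not part of the Brocade guide or Fabric OS. It walks through the three CHAP strategies listed above with both sides of the exchange: the VT challenging the initiator (one-way), the initiator also challenging the VT (mutual), and a binding list that restricts which user names a VT accepts. The response is computed as in RFC 1994 with MD5; the class, function names, user names and secrets are constructed, and the single-use challenge and reflected-challenge checks are defensive choices of this model.

```python
import hashlib
import hmac
import os


def chap_response(ident, secret, challenge):
    """CHAP response per RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class VirtualTarget:
    """Hypothetical model of the VT side of a login; not Fabric OS code."""

    def __init__(self, user_secrets, bound_users=None, own_secret=None):
        self.user_secrets = user_secrets   # user name -> shared secret (bytes)
        self.bound_users = bound_users     # None means no binding list on this VT
        self.own_secret = own_secret       # secret the VT proves in mutual CHAP
        self._pending = None               # (identifier, challenge) awaiting an answer
        self._last_challenge = None

    def challenge(self):
        self._pending = (os.urandom(1)[0], os.urandom(16))
        self._last_challenge = self._pending[1]
        return self._pending

    def verify(self, user, response):
        pending, self._pending = self._pending, None   # a challenge is single-use
        if pending is None:
            return False
        if self.bound_users is not None and user not in self.bound_users:
            return False                   # user name is not bound to this VT
        secret = self.user_secrets.get(user)
        if secret is None:
            return False
        ident, challenge = pending
        # Constant-time comparison of expected and received response.
        return hmac.compare_digest(chap_response(ident, secret, challenge), response)

    def prove(self, ident, challenge):
        """Answer the initiator's challenge in mutual CHAP."""
        # Refuse to answer our own challenge echoed back to us (reflection).
        if self.own_secret is None or challenge == self._last_challenge:
            return None
        return chap_response(ident, self.own_secret, challenge)


def login(vt, user, secret, mutual=False, vt_secret=None):
    """Run one login as the initiator. Returns 'ok' or the reason for rejection."""
    ident, challenge = vt.challenge()
    if not vt.verify(user, chap_response(ident, secret, challenge)):
        return "initiator rejected by VT"
    if mutual:
        if vt_secret is None:
            raise ValueError("mutual CHAP needs the secret expected from the VT")
        my_ident, my_challenge = os.urandom(1)[0], os.urandom(16)
        proof = vt.prove(my_ident, my_challenge)
        expected = chap_response(my_ident, vt_secret, my_challenge)
        if proof is None or not hmac.compare_digest(proof, expected):
            return "VT rejected by initiator"
    return "ok"


def demo_vt():
    # Constructed users and secrets; only "alice" is on the VT's binding list.
    return VirtualTarget(
        {"alice": b"alice-shared-secret", "bob": b"bob-shared-secret"},
        bound_users={"alice"},
        own_secret=b"vt-shared-secret",
    )


if __name__ == "__main__":
    vt = demo_vt()
    print(login(vt, "alice", b"alice-shared-secret"))
    print(login(vt, "bob", b"bob-shared-secret"))
    print(login(vt, "alice", b"alice-shared-secret", mutual=True,
                vt_secret=b"vt-shared-secret"))
```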

Load balancing through connection redirection


Connection redirection allows iSCSI sessions to be evenly distributed across ports on the same
blade. Before the maximum number of connections is reached for any given port, logins are
redirected to the next available port, resulting in an even distribution of sessions. This distribution
occurs only during the first login phase. Existing connections are not redistributed when iSCSI ports
change state from disabled to enabled or offline to online.
Connection redirection does not need to be committed as a configuration parameter. It is
independently enabled and disabled.

Enabling and disabling connection redirection for load balancing


1. Connect to the switch and log in.
2. Enter the appropriate form of the iscsiSwCfg command for the operation you want to perform:

To enable connection redirection, use the iscsiSwCfg --enableconn command. For
Brocade 48000 directors, the -s slot_number option can be used to enable connection
redirection for specific slots, and the all option may be used to enable connection
redirection for all slots.
The following example enables connection redirection for ports on blades located in slots
3, 4, and 9.
switch:admin> iscsiswcfg --enableconn -s 3,4,9
The operation completed successfully

To disable connection redirection, use the iscsiSwCfg --disableconn command. For the
Brocade 48000 director, the -s slot_number option can be used to disable connection
redirection for specific slots, and the all option may be used to disable connection
redirection for all slots.
The following example disables connection redirection for ports on a blade located in slot
9.
switch:admin> iscsiswcfg --disableconn -s 9
The operation completed successfully

Displaying connection redirection status


1. Connect to the switch and log in.
2. Enter the iscsiSwCfg --showconn command with the -s all option to display the current status
of connection redirection.
The following is an example.
switch:admin> iscsiswcfg --showconn -s all
Number of records found: 2
Slot    ICR Status
10      enabled
1       disabled

Supported iSCSI initiators


Table 1 lists iSCSI initiators supported by the iSCSI gateway service.

TABLE 1   Supported iSCSI initiators

iSCSI initiator driver versions

Windows
    MS iSCSI initiator 2.02.
    MS iSCSI initiator 2.03.
    MS iSCSI initiator 2.04.
Linux
    RH EL 4 default initiator.
    2.6.10 - 4.0.2 iSCSI initiator (SourceForge.net initiator).
    2.4.20 - 3.6.2 iSCSI initiator (SourceForge.net initiator).
    SUSE 9.
    SUSE 10.
Solaris
    iSCSI is built-in with the 5.11 with the latest Solaris Express release.
AIX
    iSCSI is built-in in the 5.3 ML4
HP-UX
    11i v1 - B.11.23.03e
    11i v2 - B.11.23.03e
NIC/TOE cards
    Alacritech SES2002XT
iSCSI HBAs
    Qlogic 4050c

Checklist for configuring iSCSI


After you install the FC4-16IP blade in the Brocade 48000 director (see the Brocade FC4-16IP
Hardware Reference Manual), you configure the iSCSI gateway service. Table 2 provides a
high-level overview of the commands and links to the sections that detail the procedures. See the
Fabric OS Command Reference for detailed information on the commands.

NOTE

You can also configure the iSCSI gateway service through the Web Tools graphical user interface as
an alternative to the command line interface. Refer to the Web Tools Administrators Guide for
descriptions of GUI-based configuration procedures.

TABLE 2   iSCSI target gateway configuration steps

Step 1. Activate iSCSI for the FC4-16IP.
    Command:   fosConfig --enable iscsi
    Procedure: Enabling the iSCSI gateway service on page 12

Step 2. Configure the IP address for GbE ports.
    Command:   portCfg ipif slot/ge port create ipaddress netmask mtu_size
    Procedure: Configuring the GbE interface on page 14

Step 3. (Optional) Configure the IP route for the GbE ports.
    Command:   portCfg iproute slot/ge port args
    Procedure: Configuring the GbE interface on page 14

Step 4. (Easy) Automatically map FC targets to iSCSI targets and names target with unique IQN.
    Command:   iscsiCfg --easycreate tgt
    Procedure: Automatic iSCSI VT creation on page 17

Step 5. (Advanced) Create iSCSI virtual target.
    Command:   iscsiCfg --create tgt -t targetname
    Procedure: Manual iSCSI VT creation on page 19

Step 6. Add LUNs to the virtual target.
    Command:   iscsiCfg --add lun -t targetname \
               -w fcwwn -l LUN_map

Step 7. Create discovery domains. Where members are iSCSI components identified using IQNs.
    Command:   iscsiCfg --create dd -d ddname \
               -m member, member, member,...
    Procedure: Creating discovery domains on page 23

Step 8. Create discovery domain set, where members are discovery domains.
    Command:   iscsiCfg --create ddset -n ddset_name \
               -d member, member,...
    Procedure: Creating and enabling a discovery domain set on page 23

Step 9. Activate the discovery domain set.
    Command:   iscsiCfg --enable ddset -n ddset_name
    Procedure: Creating and enabling a discovery domain set on page 23

Step 10. (Optional) Enter user name and shared secret for authentication (CHAP).
    Command:   iscsiCfg --create auth -u user name \
               -s secret
    Procedure: Setting the user name and shared secret on page 24

Step 11. (Optional) Enable CHAP on the iSCSI virtual target for which you want authentication.
    Command:   iscsiCfg --modify tgt \
               -t target name -a CHAP
    Procedure: Setting the user name and shared secret on page 24

Step 12. (Optional) Bind specific user names to iSCSI virtual targets to control access.
    Command:   iscsiCfg --addusername tgt \
               -t target name -u user name
    Procedure: Binding user names to an iSCSI VT on page 24

Step 13. Commit configuration (items configured in steps 4-9).
    Command:   iscsiCfg --commit all
    Procedure: Committing the iSCSI-related configuration on page 25

Step 14. Create the iSCSI FC zone.
    Command:   zoneCreate zonename, member,member,..."
    Procedure: Creating an iSCSI FC zone on page 30

Step 15. Add iSCSI FC zone to zone configuration.
    Command:   cfgAdd cfgname, zone1, zone2
    Procedure: Creating an iSCSI FC zone on page 30

Step 16. Enable zone configuration.
    Command:   cfgEnable cfgname
    Procedure: Creating and enabling a zoning configuration on page 33

Step 17. (Optional) Enable connection redirection for load balancing.
    Command:   iscsiSwCfg --enableconn -s slot number | all
    Procedure: Enabling and disabling connection redirection for load balancing on page 7

Step 18. (Optional) Configure iSNS client.
    Command:   fosConfig --enable isnsc
               isnscCfg --set slot/ge port -s iSNS_server_IP
               isnscCfg --set -m -s iSNS_server_IP
    Procedure: Enabling the iSNS client service on page 36

Chapter

Configuring the FC4-16IP Blade

In this chapter
FC4-16IP port numbering
Enabling the iSCSI gateway service
Enabling GbE ports
Configuring the GbE interface

FC4-16IP port numbering


The FC4-16IP blade has both GbE ports and FC ports, as shown in Figure 8. Ports are addressed
using slot number and port number notation, for example, 2/7. FC ports are numbered from 0
through 7; GbE ports are numbered from ge0 through ge7.

NOTE

The FC4-16IP blade does not support FCIP functionality.

[Figure 8: diagram of the FC4-16IP blade, labelling the GbE ports (ge0 through ge7) and the FC ports]

FIGURE 8   FC4-16IP ports

Enabling the iSCSI gateway service


The iSCSI gateway service translates and directs SCSI traffic between an iSCSI initiator and an
FC target. This section explains how to enable the iSCSI gateway service on the Brocade 48000.
Before enabling the iSCSI gateway service, install and configure the FC4-16IP blade in a Brocade
48000 as described in the Brocade FC4-16IP Hardware Reference Manual.
1. Connect and log in to the switch.
2. Enter the fosConfig --show command to check whether the iSCSI gateway service is enabled.
switch:admin> fosconfig --show
FC Routing service:     disabled
iSCSI service:          disabled
iSNS Client service:    disabled

3. Enter the fosConfig --enable command to enable the iSCSI gateway service.
switch:admin> fosconfig --enable iscsi
iSCSI service is enabled

4. Verify that the iSCSI gateway service is enabled.


switch:admin> fosconfig --show
FC Routing service:     disabled
iSCSI service:          enabled
iSNS Client service:    disabled

Enabling GbE ports


By default, GbE ports are enabled on an FC4-16IP blade installed in the Brocade 48000. However,
if you insert the FC4-16IP blade into a slot that was previously occupied by an FR-18i blade, GbE
ports are disabled.
Before enabling the physical iSCSI interface, enable the iSCSI gateway service as described in
Enabling the iSCSI gateway service on page 12.

NOTE

The GbE port number (port_number) below is entered as geX, where X is from 0 through 7,
for example, ge1 (see Figure 8 on page 12).
1. Connect and log in to the switch.
2. Enter the portCfgShow command with the blade slot number and GbE port number parameters
to display the Persistent Disable setting of the port.
switch:admin> portcfgshow 10/ge0
Mode: ISCSI
Persistent Disable: ON

Ipif configuration:
Interface   IP Address      NetMask        MTU
----------------------------------------------------------
0           30.0.130.100    255.255.0.0    1500

Arp configuration:
IP Address   Mac Address
------------------------------

Iproute Configuration:
IP Address   Mask   Gateway   Metric
------------------------------------------------------

3. Take the appropriate action based on the Persistent Disable setting:

If it is set to OFF, proceed to step 4.


If it is set to ON, enter the portCfgPersistentEnable command with the slot number and
GbE port number.
switch:admin> portcfgpersistentenable 10/ge0

4. Enter the portCfgShow command with the slot number and GbE port number to verify that the
port is persistently enabled.
In the following sample output, the Persistent Disable setting is set to OFF.
switch:admin> portcfgshow 10/ge0
Mode: ISCSI
Persistent Disable: OFF

Ipif configuration:
Interface   IP Address      NetMask        MTU
----------------------------------------------------------
0           30.0.130.100    255.255.0.0    1500

Arp configuration:
IP Address   Mac Address
------------------------------

Iproute Configuration:
IP Address   Mask   Gateway   Metric
------------------------------------------------------

Configuring the GbE interface


NOTE

You can set the TCP/IP parameters of a GbE port even when iSCSI gateway service is disabled.
Address resolution protocol (ARP) entries for the IP interfaces are created automatically when you
verify the network connectivity using the ping command. You can add additional ARP entries if you
wish.
Optionally, you can define static routes to reach the destination IP through a preferred gateway. The
gateway must be on the same subnet as the GbE port. You can specify a maximum of 32 routes per
GbE port.
1. Connect and log in to the switch.
2. Enter the portCfg command as follows to assign an IP address, subnet mask, and maximum
packet size of the interface:
switch:admin> portcfg ipif 3/ge0 create 30.0.127.30 255.255.0.0 8256

NOTE

1500 bytes is the standard maximum packet size in an IP network. If your network supports
jumbo packets, a value of 8256 can improve performance. The range allowed is 1500 to 8256
KB.
3. Enter the portShow command to verify the settings:
switch:admin> portshow ipif 3/ge0
Slot: 3 Port: ge0
Interface   IP Address     NetMask        Effective MTU   Flags
-------------------------------------------------------------
0           30.0.127.30    255.255.0.0    8256

4. (Optional) Enter the portCfg command to define static routes to reach the destination IP
through a preferred gateway.
switch:admin> portcfg iproute 3/ge0 create 0.0.0.0 0.0.0.0 30.0.0.1 1
Operation Succeeded

The gateway must be on the same subnet as the GbE port. You can specify a maximum of 32
routes per GbE port.
5. (Optional) Verify the route as follows:
switch:admin> portshow iproute 3/ge0
Slot: 3 Port: ge0
IP Address   Mask           Gateway        Metric   Flags
-------------------------------------------------------------
0.0.0.0      0.0.0.0        30.0.0.1       1
30.0.0.0     255.255.0.0    30.0.127.30    0        Interface

6. Enter the portCmd --ping command to verify the network connection:


switch:admin> portcmd --ping 3/ge0 -s 30.0.127.30 -d 30.0.0.1
Pinging 30.0.0.1 from ip interface 30.0.127.30 on 3/ge0 with 64 bytes of data
Reply from 30.0.0.1: bytes=64 rtt=0ms ttl=255
Reply from 30.0.0.1: bytes=64 rtt=0ms ttl=255
Reply from 30.0.0.1: bytes=64 rtt=0ms ttl=255
Reply from 30.0.0.1: bytes=64 rtt=0ms ttl=255
Ping Statistics for 30.0.0.1:
Packets: Sent = 4, Received = 4, Loss = 0 ( 0 percent loss)
Min RTT = 0ms, Max RTT = 0ms Average = 0ms

7. (Optional) Enter the portCfg arp command to configure additional ARP entries.
switch:admin> portcfg arp 3/ge0 add 30.0.30.11 00:0F:1F:69:99:88
Operation Succeeded

8. (Optional) Verify the entry using the portShow command.


switch:admin> portshow arp 3/ge0
Slot: 3 Port: ge0
IP Address     Mac Address          Flags
----------------------------------------------------------
30.0.30.214    00:c0:dd:07:81:13    Resolved
30.0.0.1       00:11:93:58:fd:7f    Resolved
30.0.30.11     00:0f:1f:69:99:88    Permanent Resolved

Chapter

Configuring iSCSI Virtual Targets

In this chapter
iSCSI virtual target configuration
Discovery domain and domain set configuration
iSCSI initiator-to-VT authentication configuration
Committing the iSCSI-related configuration
Resolving conflicts between iSCSI configurations
LUN masking considerations

iSCSI virtual target configuration


Configuring an iSCSI environment involves creating iSCSI virtual targets (VTs), discovery domains
(DDs), discovery domain sets (DDSets), and defining iSCSI VT-iSCSI initiator authentication.
You create iSCSI VTs using the LUN values of FC targets. The FC target must be accessible from the
iSCSI gateway. iSCSI VTs can be automatically generated or manually created.
After mapping iSCSI targets, do not move the targets out of Administrative Domain 0 (AD0) unless
you then explicitly add them back to AD0.

Automatic iSCSI VT creation


An iSCSI VT is created using target LUNs from the attached FC network. LUNs are mapped to iSCSI
VTs by creating unique iSCSI Qualified Names (IQNs) for each target.
You can create iSCSI VTs by using the iscsiCfg --easycreate tgt command. There are two options.

An iSCSI VT may be created for every FC target. IQNs are created automatically, using the port
WWNs as the user defined portion of the IQN.

A port WWN may be specified to create one iSCSI VT with all LUNs for that FC target. The WWN
of the FC target is used as the user-defined portion of the IQN.

Generating iSCSI VTs for every FC target


1. Connect and log in to the switch.
2. Enter the iscsiCfg --easycreate tgt command to create iSCSI targets with all available FC
targets.
The command returns a prompt indicating that this could be a long running operation.
3. Enter y or yes to continue.

IQNs are created. The default value, iqn.2002-12.com.brocade, is used for the prefix
unless it has been changed by using the iscsiSwCfg --modifygw -t tgtname command. The port
WWN is used as the user-defined portion of the IQN.
The following is an example.
switch:admin> iscsicfg --easycreate tgt
This will create iSCSI targets for ALL FC targets.
This could be a long-running operation. Continue [N]: y
Index   FC WWN                    iSCSI Name                                        Status
9       2e:1f:00:06:2b:0d:10:ba   iqn.2002-12.com.brocade:2e:1f:00:06:2b:0d:10:ba   Operation Succeeded
10      2e:3f:00:06:2b:0d:10:ba   iqn.2002-12.com.brocade:2e:3f:00:06:2b:0d:10:ba   Operation Succeeded
11      2e:5f:00:06:2b:0d:10:ba   iqn.2002-12.com.brocade:2e:5f:00:06:2b:0d:10:ba   Operation Succeeded
12      2e:7f:00:06:2b:0d:10:ba   iqn.2002-12.com.brocade:2e:7f:00:06:2b:0d:10:ba   Operation Succeeded
13      2e:9f:00:06:2b:0d:10:ba   iqn.2002-12.com.brocade:2e:9f:00:06:2b:0d:10:ba   Operation Succeeded
14      2e:bf:00:06:2b:0d:10:ba   iqn.2002-12.com.brocade:2e:bf:00:06:2b:0d:10:ba   Operation Succeeded


4. Enter the iscsiCfg --show tgt command to display the iSCSI target database entries.
The following is an example.
switch:admin> iscsicfg --show tgt
Number of records found: 6

Name:           iqn.2002-12.com.brocade:2e:1f:00:06:2b:0d:10:ba
State/Status:   Online/Defined

Name:           iqn.2002-12.com.brocade:2e:3f:00:06:2b:0d:10:ba
State/Status:   Online/Defined

Name:           iqn.2002-12.com.brocade:2e:5f:00:06:2b:0d:10:ba
State/Status:   Online/Defined

Name:           iqn.2002-12.com.brocade:2e:7f:00:06:2b:0d:10:ba
State/Status:   Online/Defined

Name:           iqn.2002-12.com.brocade:2e:9f:00:06:2b:0d:10:ba
State/Status:   Online/Defined

Name:           iqn.2002-12.com.brocade:2e:bf:00:06:2b:0d:10:ba
State/Status:   Online/Defined

Generating an iSCSI VT for a specific FC target


1. Connect and log in to the switch.
2. Enter the iscsiCfg --easycreate tgt command with the -w port WWN option to create an iSCSI
VT that contains only the storage attached to the specified WWN. The default value,
iqn.2002-12.com.brocade, is used for the fixed prefix, and the port WWN is used as the
user-defined portion of the IQN.
The following is an example.
switch:admin> iscsicfg --easycreate tgt -w 21:00:00:04:cf:e7:74:cf
Index   FC WWN                    iSCSI Name                                        Status
5       21:00:00:04:cf:e7:74:cf   iqn.2002-10.com.brocade:21:00:00:04:cf:e7:74:cf   Operation Succeeded

3. Enter the iscsiCfg --show tgt command to display the status of the created iSCSI VTs:
The following is an example.
switch:admin> iscsicfg --show tgt
Number of records found: 1
Name:           iqn.2002-10.com.brocade:21:00:00:04:cf:e7:74:cf
State/Status:   Online/Defined
Auth. Method:   None

Manual iSCSI VT creation


Create iSCSI VTs manually when there are FC targets on the fabric that should not be mapped to an
iSCSI VT, and when you want to map more than one target to the same iSCSI VT or a LUN to an iSCSI VT.
Up to 256 LUNs can be mapped to an iSCSI VT.
1. Connect and log in to the switch.
2. Enter the iscsiCfg --create tgt command with the -t IQN option to create an undefined iSCSI VT,
that is, an iSCSI VT that contains no LUNs.
The IQN value is an iSCSI Qualified Name entered in the form type.date.naming
authority:user_defined.
The following is an example, using the Brocade default for the type.date.naming authority:
prefix portion of the IQN, followed by a WWN as the user defined portion.
Type Date    Auth        User defined
+--++------++----------++-----------------------+
iqn.2002-12.com.brocade:10:00:00:05:1e:aa:bb:cc

Every iSCSI initiator and iSCSI VT on the same IP network and SAN must have a unique IQN.
The default for the type.date.naming authority: prefix portion may be changed using the
iscsiSwCfg --modifygw -t tgtname command. Your organization may suggest or require a
specific format for the prefix portion of the IQN. The user defined portion may take any form.
The following is an example.
switch:admin> iscsicfg --create tgt -t iqn.2002-12.com.brocade:example-disk001
The operation completed successfully.

3. Enter the iscsiCfg --show tgt command with the -t IQN and -v options to verify the iSCSI VTs.
The following is an example.

switch:admin> iscsicfg --show tgt -t iqn.2002-12.com.brocade:example-disk001 -v
Number of records found: 1
Name:           iqn.2002-10.com.brocade.example:disk001
State/Status:   Offline/Defined
Auth. Method:   None

4. Enter the fcLunQuery command to display a list of connected FC targets and show the LUN
configurations.
The following is an example.
switch:admin> fclunquery
Target Index: 1
Target Node WWN: 20:00:00:04:cf:e7:74:cf
Target Port WWN: 21:00:00:04:cf:e7:74:cf
Target Pid: 120d6
Number of LUNs returned by query: 1
LUN ID: 0x00
Target Index: 2
Target Node WWN: 20:00:00:04:cf:e7:73:7e
Target Port WWN: 21:00:00:04:cf:e7:73:7e
Target Pid: 120d9
Number of LUNs returned by query: 1
LUN ID: 0x00
Target Index: 3
Target Node WWN: 2f:ff:00:06:2b:0d:12:99
Target Port WWN: 2f:ff:00:06:2b:0d:12:99
Target Pid: 12300
Number of LUNs returned by query: 5
LUN ID: 0x00
LUN ID: 0x01
LUN ID: 0x02
LUN ID: 0x03
LUN ID: 0x04

5. Enter the iscsiCfg --add lun command with the -t IQN, -w port_WWN, and -l n:n options to add
an FC device to an existing iSCSI VT.
The following is an example.
switch:admin> iscsicfg --add lun -t iqn.2002-12.com.brocade:example-disk001 \
-w 21:00:00:04:cf:e7:73:7e -l 0:0
The operation completed successfully.

6. Enter the iscsiCfg --show lun command with the -t IQN option to verify that the LUN has been
added to the iSCSI VT, where -t is the IQN that identifies the iSCSI VT.
The following is an example.
switch:admin> iscsicfg --show lun -t iqn.2002-12.com.brocade:example-disk001
Number of targets found: 1
Target: iqn.2006-10.com.example:disk001
Number of LUN Maps: 1
FC WWN                    Virtual LUN(s)   Physical LUN(s)
21:00:00:04:cf:e7:73:7e   0                0

Mapping LUNs on a specific port to an iSCSI VT


1. Connect to the switch and log in.
2. Enter the iscsiCfg --add lun command with the -t IQN, -w port_WWN, and -l n:n options to add
LUNs attached to a specific port device to an iSCSI VT.
The following example maps two LUNs attached to port 2f:ff:00:06:2b:0d:12:99 to an iSCSI VT
named iqn.2002-12.com.brocade:example-disk001.
switch:admin> iscsicfg --add lun -t iqn.2002-12.com.brocade:example-disk001 \
-w 2f:ff:00:06:2b:0d:12:99 -l 1-2:0-1
The operation completed successfully.
switch:admin> iscsicfg --show lun -t iqn.2002-12.com.brocade:example-disk001
Number of targets found: 1
Target: iqn.2002-12.com.brocade:example-disk001
Number of LUN Maps: 2
FC WWN                    Virtual LUN(s)   Physical LUN(s)
21:00:00:04:cf:e7:73:7e   0                0
2f:ff:00:06:2b:0d:12:99   1-2              0-1

Deleting LUNs from an iSCSI VT


You can delete individual LUNs, a list or range of LUNs, or all LUNs associated with an iSCSI VT.
1. Connect to the switch and log in.
2. Enter the iscsiCfg --delete lun command with the -t target_IQN, -w port_WWN, and -l LUN_list
options to delete a LUN or LUNs.
The following is an example.
switch:admin> iscsicfg --delete lun -t iqn.2005-10.com.brocade:tgt1 -l 2-4,5
The operation completed successfully

3. Enter the iscsiCfg --commit all command to commit the changes to the database. If the LUN
deletion is one of several configuration changes, you may want to refer to Committing the
iSCSI-related configuration for extra detail on the commit process.

Displaying the iSCSI virtual target LUN map


1. Connect and log in to the switch.
2. Enter the iscsiCfg --show lun command to display the LUN database.
switch:admin> iscsicfg --show lun
Number of targets found: 2
Target: iqn.2006-10.com.example:disk001
Number of LUN Maps: 2
FC WWN                    Virtual LUN(s)   Physical LUN(s)
21:00:00:04:cf:e7:73:7e   0                0
2f:ff:00:06:2b:0d:12:99   1-2              0-1

Target: iqn.2002-10.com.brocade:21:00:00:04:cf:e7:74:cf
Number of LUN Maps: 1
FC WWN                    Virtual LUN(s)   Physical LUN(s)
21:00:00:04:cf:e7:74:cf   0                0x0000000000000000

Displaying iSCSI VT state and status


The following information can be displayed for each iSCSI VT:

Name: IQN for the iSCSI VT.
State: Whether the FC target is online or offline.
Status: Whether the iSCSI VT has been defined (configuration completed but not committed)
or is committed (active and available to iSCSI initiators).
Authentication method: Indicates CHAP if authentication is enabled for the iSCSI VT.

1. Connect and log in to the switch.
2. Enter the iscsiCfg --show tgt command with the -v option to display the iSCSI VTs:
switch:admin> iscsicfg --show tgt -v
Number of records found: 2
Name:           iqn.2006-10.com.example-disk001
State/Status:   Online/Defined
Auth. Method:   None

Name:           iqn.2002-10.com.brocade:21:00:00:04:cf:e7:74:cf
State/Status:   Online/Defined
Auth. Method:   None

Discovery domain and domain set configuration


Discovery domains and discovery domain sets can be used to configure access control between
iSCSI initiators and iSCSI VTs manually.
A discovery domain (DD) controls iSCSI initiator access to iSCSI VTs. A DD is a group of iSCSI
initiators and iSCSI VTs identified by IQNs. The iSCSI initiators can access only the iSCSI VTs that
are in the DD to which they are assigned. When there are no discovery domains, all iSCSI initiators
can access all iSCSI VTs.
If iSNS (internet storage name service) is enabled, then configure access control on the iSNS
server; discovery domains and discovery domain sets configured in Fabric OS are not supported if
the iSNS service is enabled on the fabric.
You can create four discovery domain sets (DDSets), but only one set can be enforced at a time.
DDSets allow you to enable and disable fabric-wide iSCSI VT access with a single command.
An enabled DDSet is enforced fabric-wide. In a deployment with an active DDSet, only iSCSI
initiators in an enforced DD can access iSCSI VTs in the same DD.
If you do not configure either discovery domains or iSNS for access control, then any iSCSI initiator
on the IP network can access all iSCSI VTs (and therefore all FC targets) in the fabric.
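
The access rules described above, modelled as an added example (not code from this guide or from Fabric OS). It assumes that only the DDs in the one enabled DDSet are enforced and that with no enabled DDSet access is open; host002 is a hypothetical initiator, the other names come from the examples in this chapter.

```python
import re

# Loose shape check for type.date.naming_authority[:user_defined].
IQN_RE = re.compile(r"^iqn\.\d{4}-\d{2}\.[A-Za-z0-9][A-Za-z0-9.-]*(:\S+)?$")

# Constructed sample data. host002 is hypothetical.
INITIATORS = [
    "iqn.1991-05.com.microsoft:host001.brocade.com",
    "iqn.1991-05.com.microsoft:host002.brocade.com",
]
TARGETS = [
    "iqn.2006-10.com.example:disk001",
    "iqn.2002-10.com.brocade:21:00:00:04:cf:e7:74:cf",
]
DDS = {"dd-host001": [INITIATORS[0], TARGETS[0]]}
DDSETS = {"ddset-engineering": ["dd-host001"]}


def non_iqn_members(dds):
    """All DD members must be identified by IQN; return any that are not."""
    return sorted({m for ms in dds.values() for m in ms if not IQN_RE.match(m)})


def enforced_domains(dds, ddsets, enabled_ddset):
    """Member sets of the DDs in the enabled DDSet (only one can be enforced)."""
    if enabled_ddset is None:
        return []
    return [set(dds[name]) for name in ddsets[enabled_ddset]]


def accessible_targets(initiator, targets, dds, ddsets,
                       enabled_ddset=None, isns_enabled=False):
    """Set of VT IQNs the initiator can access, or None if iSNS decides."""
    if isns_enabled:
        # With iSNS enabled, access control is configured on the iSNS server
        # and Fabric OS DDs/DDSets are not supported, so this model is silent.
        return None
    domains = enforced_domains(dds, ddsets, enabled_ddset)
    if not domains:
        # Nothing enforced: every initiator on the IP network sees every VT.
        return set(targets)
    reachable = set()
    for members in domains:
        if initiator in members:
            reachable |= members & set(targets)
    return reachable


def access_matrix(initiators, targets, dds, ddsets, enabled_ddset=None):
    """Map each initiator to the sorted list of VTs it can access."""
    return {
        i: sorted(accessible_targets(i, targets, dds, ddsets, enabled_ddset))
        for i in initiators
    }


def unreachable_targets(initiators, targets, dds, ddsets, enabled_ddset):
    """VTs that no listed initiator can access once the DDSet is enforced."""
    matrix = access_matrix(initiators, targets, dds, ddsets, enabled_ddset)
    reached = {t for ts in matrix.values() for t in ts}
    return sorted(set(targets) - reached)


if __name__ == "__main__":
    for label, ddset in (("no DDSet enabled", None),
                         ("ddset-engineering enabled", "ddset-engineering")):
        print(label)
        for ini, tgts in access_matrix(INITIATORS, TARGETS, DDS, DDSETS, ddset).items():
            print("  ", ini, "->", tgts or "no access")
```

Running the comparison before enabling a DDSet shows which initiators lose access and which VTs become unreachable because they were left out of every DD.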

Displaying iSCSI initiator IQNs


All iSCSI components in a DD must be identified using IQNs. Fabric OS temporarily stores the IQNs
and IP addresses of iSCSI initiators that have logged in to the gateway.

NOTE
If an iSCSI initiator has more than one IP address, only one of the IP addresses is displayed.

1. Connect and log in to the switch.


2. Enter the iscsiCfg --show initiator command to display iSCSI initiator IQNs.
switch:admin> iscsicfg --show initiator
Number of records found: 1
Name                                            IP Address
iqn.1991-05.com.microsoft:host001.brocade.com   30.0.30.11

Creating discovery domains


1. Connect and log in to the switch.
2. Enter the iscsiCfg --create dd command with the -d option to define the discovery domain.
switch:admin> iscsicfg --create dd -d dd-host001 -m \
"iqn.1991-05.com.microsoft:host001.brocade.com,iqn.2006-10.com.example:disk001"
The operation completed successfully.

3. To verify, enter the iscsiCfg --show dd command:
switch:admin> iscsicfg --show dd
Number of records found: 1
Name:           dd-host001
Status:         Defined
Num. Members:   2
iqn.1991-05.com.microsoft:host001.brocade.com
iqn.2006-10.com.example:disk001

Creating and enabling a discovery domain set


1. Connect and log in to the switch.
2. Enter the iscsiCfg --create ddset command with the -n and -d options to create a new DDSet:
switch:admin> iscsicfg --create ddset -n ddset-engineering -d dd-host001
The operation completed successfully.

3. Enter the iscsiCfg --show ddset command with the -v option to verify the DDSet.
switch:admin> iscsicfg --show ddset -v
Number of records found: 1
Name:           ddset-engineering
State/Status:   disabled/Defined
Num. members:   1
dd-host001
iqn.1991-05.com.microsoft:host001.brocade.com
iqn.2006-10.com.example:disk001

4. Enter the iscsiCfg --enable ddset command with the -n option to enable the DDSet:
switch:admin> iscsicfg --enable ddset -n ddset-engineering
This will enable the DDSet specified.
Continue (yes, y, no, n) [n]: y
The operation completed successfully.

iSCSI initiator-to-VT authentication configuration


Fabric OS v6.1.0 or later supports both one-way and mutual CHAP authentication for iSCSI
initiator-to-iSCSI VT target sessions. The authentication method (CHAP or none) is set on a
per-iSCSI VT basis.

Setting the user name and shared secret


Authentication depends on a user name and shared secret. When an iSCSI VT authenticates an
iSCSI initiator, it checks the user name and shared secret against all configured CHAP values. To
enforce authentication of iSCSI initiators, set each iSCSI VT authentication to CHAP. The iSCSI
initiator can use any user name and shared secret for any iSCSI VT configured on the fabric.
1. Connect and log in to the switch.
2. Enter the iscsiCfg --create auth command with the -u and -s options to configure a user name
and shared secret:
switch:admin> iscsicfg --create auth -u username0001 -s usersecret0001
The operation completed successfully.

3. Enter the iscsiCfg --modify tgt command with the -t and -a options to set CHAP as the
authentication method:
switch:admin> iscsicfg --modify tgt -t iqn.2006-10.com.brocade:example-disk001
-a CHAP
The operation completed successfully.

4. To verify that CHAP is enabled for the iSCSI VT, enter the iscsiCfg --show tgt command with the
-t and -v options:
switch:admin> iscsicfg --show tgt -t iqn.2006-10.com.brocade:example-disk001
-v
Number of records found: 1
Name:           iqn.2006-10.com.brocade:example-disk001
State/Status:   Online/Defined
Auth. Method:   CHAP
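
Because authentication is set per iSCSI VT, a fabric can end up with some VTs left at None. The following added example (not part of this guide or of Fabric OS) checks a saved capture of iscsicfg --show tgt -v for such VTs; it assumes each record is printed as "label: value" lines, and the sample capture, including example-disk002, is constructed.

```python
# Constructed capture; the layout of one "label: value" pair per line is an
# assumption about how the command prints its records.
SAMPLE = """\
switch:admin> iscsicfg --show tgt -v
Number of records found: 3
Name:           iqn.2006-10.com.brocade:example-disk001
State/Status:   Online/Committed
Auth. Method:   CHAP

Name:           iqn.2002-10.com.brocade:21:00:00:04:cf:e7:74:cf
State/Status:   Online/Committed
Auth. Method:   None

Name:           iqn.2002-12.com.brocade:example-disk002
State/Status:   Offline/Defined
Auth. Method:   CHAP
"""


def parse_show_tgt(text):
    """Return (declared_count, records) parsed from a --show tgt capture."""
    declared, records, current = None, [], None
    for raw in text.splitlines():
        # Split on the first colon only: IQNs and WWNs contain colons too.
        label, sep, value = raw.strip().partition(":")
        if not sep:
            continue
        label, value = label.strip(), value.strip()
        if label == "Number of records found":
            declared = int(value)
        elif label == "Name":
            current = {"name": value, "state": None, "status": None, "auth": None}
            records.append(current)
        elif current is None:
            continue  # prompt line or other text before the first record
        elif label == "State/Status":
            current["state"], _, current["status"] = value.partition("/")
        elif label == "Auth. Method":
            current["auth"] = value
    return declared, records


def audit_chap(text):
    """Return (name, finding) pairs for VTs that do not enforce CHAP."""
    declared, records = parse_show_tgt(text)
    findings = []
    if declared is not None and declared != len(records):
        # The capture was cut short or has an unexpected layout.
        findings.append(("<capture>", "RECORD_COUNT_MISMATCH"))
    for rec in records:
        if rec["auth"] is None:
            # Auth. Method is only listed when the -v option is used.
            findings.append((rec["name"], "AUTH_NOT_SHOWN"))
        elif rec["auth"].upper() != "CHAP":
            findings.append((rec["name"], "AUTH_NONE"))
        elif rec["status"] != "Committed":
            # Defined means configured but not committed, so not yet active.
            findings.append((rec["name"], "CHAP_NOT_COMMITTED"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_chap(SAMPLE):
        print(f"{finding:22} {name}")
```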

Binding user names to an iSCSI VT


For additional security, you can bind specific user names to an iSCSI VT. When you do this, the
specific user name and CHAP secret combination is required for authentication during the iSCSI
login phase. The maximum number of user names that can be bound per iSCSI VT is 16.
1. Connect and log in to the switch.
2. Enter the iscsiCfg --addusername tgt command with the -t and -u options to bind a user name:
switch:admin> iscsicfg --addusername tgt -t iqn.2002-10.com.brocade:tgt -u
"isisctgt1;hello123"
This operation completed successfully.

3. Enter the iscsiCfg --commit all command to commit the iSCSI configuration database to
nonvolatile memory.
4. Enter the iscsiCfg --show tgt command with the -t and -v options to verify that a user name has
been bound to the iSCSI VT:

switch:admin> iscsicfg --show tgt -t iqn.2002-10.com.brocade:tgt -v


Number of records found: 1
Name:
CHAP Users
1. iscsitgt1
2. hello123

iqn.2002-10.com.brocade:tgt1
CHAP Status
Online/Committed
Invalid

Deleting user names from an iSCSI VT binding list


User names can be deleted from the list of bound user names.
1. Connect and log in to the switch.
2. Enter the iscsiCfg --deleteusername tgt command with the -t and -u options to delete a user
name:
switch:admin> iscsicfg --deleteusername tgt -t iqn.2002-10.com.brocade:tgt -u
isisctgt1
This operation completed successfully.

Displaying CHAP configurations


You can display a list of the user names that have been set up on the fabric for iSCSI initiator
authentication.
1. Connect and log in to the switch.
2. Enter the iscsiCfg --show auth command to display the list of user names.
switch:admin> iscsicfg --show auth
Number of records found: 1
Name            Status
username0001    Defined

Committing the iSCSI-related configuration


After you have defined iSCSI-related configuration parameters, including iSCSI VTs, discovery
domains, discovery domain sets, and CHAP authentication, you must save them through a commit
process. Each set of changes, additions, and deletions is called a
transaction.
Review the current transaction before committing the changes; when the changes are committed,
they are enforced fabric-wide.
The commit process option triggers propagation of the database to all iSCSI-capable platforms in
the fabric and commits the changes.

ATTENTION
Make all necessary changes to the database (VT creation, LUN additions, DD creation, DDSet
creation, and so on) before issuing the iscsiCfg --commit all command.
1. Connect and log in to the switch.
2. Enter the iscsiCfg --show transaction command to display the pending transactions:

switch:admin> iscsicfg --show transaction


Active transaction ID is: 10490 and the owner is: CLI.
The following groups have been modified:
1. Auth. group.
2. Target/LUN group.
3. DD/DDSet group.

3. Enter the iscsiCfg --commit all command to save the transactions:


switch:admin> iscsicfg --commit all
This will commit ALL database changes made to all iSCSI switches in fabric.
This could be a long-running operation.
Continue (yes, y, no, n) [n]: y
The operation completed successfully.

4. Enter the iscsiCfg --show transaction command to verify that the changes were committed:
switch:admin> iscsicfg --show transaction
There is no active transaction

Resolving conflicts between iSCSI configurations


When you merge two fabrics with different iSCSI configurations, a conflict results. If there is a
conflict, the database is not merged and you must resolve the conflict. The iscsiCfg --show
fabric command displays the Out of Sync state. The other switches continue to function
normally, however, because discovery domain set database conflicts do not cause segmentation
of E_Ports.
1. Connect to the switch and log in.
2. Enter the iscsiCfg --show fabric command to check for an iSCSI configuration conflict:
switch:admin> iscsicfg --show fabric
Switch ID   Switch WWN                Switch State   iSNSC
220         10:00:00:05:1e:36:0d:f8   Out of Sync    Disabled
* 1         10:00:00:60:69:e0:01:56   --             Disabled

Aggregated iSCSI database state for fabric: Out of Sync

3. On each switch enter the iscsiCfg --show ddset command to find the switch that has the
database you want to use:
switch:admin> iscsicfg --show ddset
Number of records found: 1
Name:           ddset-engineering
State/Status:   Enabled/Committed
Num. members:   1

4. Enter the iscsiCfg --commit all command with the -f option on the switch with the database
you want to use fabric-wide:
switch:admin> iscsicfg --commit all -f
This will commit ALL database changes made to all iSCSI switches in fabric.
This could be a long-running operation.
Continue (yes, y, no, n) [n]: y
The operation completed successfully.

5. Enter the iscsiCfg --show fabric command to verify that the conflict has been resolved:
switch:admin> iscsicfg --show fabric
Switch ID   Switch WWN                Switch State   iSNSC
220         10:00:00:05:1e:36:0d:f8   In Sync        Disabled
* 1         10:00:00:60:69:e0:01:56   --             Disabled

Aggregated iSCSI database state for fabric: In Sync
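
Before issuing the forced commit in step 4, it helps to know what it will discard: the troubleshooting section of this guide states that the -f operand erases uncommitted changes on other switches. The following Python example is added here and is not Brocade code; it parses iscsicfg --show transaction output (in the wording shown on this page) collected from each switch and reports which pending transactions a forced commit from the chosen switch would erase. The switch names, the second transaction ID, and the function names are assumptions made for illustration.

```python
import re

NO_TX = "There is no active transaction"
TX = re.compile(
    r"Active transaction ID is:\s*(\d+) and the owner is:\s*(\S+?)\.?\s*$", re.M)
GROUP = re.compile(r"^\s*\d+\.\s*(.+?)\s+group\.?\s*$", re.M)


def parse_transaction(text):
    """Parse `iscsicfg --show transaction` output.

    Returns None when no transaction is open, otherwise a dict with the
    transaction id, its owner, and the list of modified database groups.
    """
    if NO_TX in text:
        return None
    m = TX.search(text)
    if not m:
        raise ValueError("unrecognized --show transaction output")
    return {"id": int(m.group(1)), "owner": m.group(2),
            "groups": GROUP.findall(text)}


def precommit_review(source, outputs):
    """Summarize the effect of `iscsicfg --commit all -f` issued on `source`.

    outputs maps a switch name to the --show transaction text captured on it.
    """
    parsed = {name: parse_transaction(text) for name, text in outputs.items()}
    if source not in parsed:
        raise KeyError("no output captured for " + source)
    mine = parsed[source]
    # Pending work on any other switch is what the forced commit erases.
    would_erase = {name: tx["groups"]
                   for name, tx in parsed.items() if tx and name != source}
    return {
        "open_on_source": mine is not None,
        # CHAP changes become fabric-wide on commit, so flag them for review.
        "auth_changed": bool(mine) and any(
            g.startswith("Auth") for g in mine["groups"]),
        "would_erase": would_erase,
        "force_discards_nothing": not would_erase,
    }


# First sample is the output shown on this page; the others are constructed.
PENDING = """\
Active transaction ID is: 10490 and the owner is: CLI.
The following groups have been modified:
1. Auth. group.
2. Target/LUN group.
3. DD/DDSet group.
"""
OTHER_PENDING = """\
Active transaction ID is: 20771 and the owner is: CLI.
The following groups have been modified:
1. DD/DDSet group.
"""
CLEAN = "There is no active transaction\n"

if __name__ == "__main__":
    report = precommit_review(
        "sw220", {"sw220": PENDING, "sw1": OTHER_PENDING, "sw7": CLEAN})
    for key, value in report.items():
        print(key, "=", value)
```

A non-empty would_erase entry means the owner of that transaction should commit or abandon it before the forced commit is run.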

LUN masking considerations


The node WWN and port WWN of the local switch are used to query LUNs on the physical target. If
the physical target uses LUN masking to control access, these WWNs must be added to the LUN
masking to ensure that the LUN query returns the LUNs to the switch.
You can obtain these WWNs in either of two ways:

Enter the iscsiCfg --easycreate tgt command with the -s option to return the node and port
WWNs of the switch.
The following is an example.
switch:admin> iscsicfg --easycreate tgt -s
The following WWNs will be used for any easycreate operation from this switch:
Node WWN: 10:00:00:60:69:80:04:4a
Port WWN: 21:fd:00:60:69:80:04:4a

Enter the fcLunQuery command with the -s option to return the node and port WWNs of the
switch.
The following is an example.
switch:admin> fclunquery -s
The following WWNs will be used for any lun query from this switch:
Node WWN: 10:00:00:60:69:80:04:4a
Port WWN: 21:fd:00:60:69:80:04:4a


Creating the iSCSI FC Zone

In this chapter
iSCSI FC zoning overview
Zoning configuration creation

iSCSI FC zoning overview


After you have finished setting up the iSCSI target gateway, you can create an iSCSI FC zone for
discovery domains. However, if you do not have a zoning license, or if zoning is not implemented,
you cannot create an iSCSI FC zone for discovery domains.
Depending on whether you have an effective zone configuration enabled in the current fabric, you
will be able to choose where to put the iSCSI FC zone. It can be either contained in a defined
configuration or integrated into the effective configuration. Figure 9 illustrates a defined iSCSI FC
Zone containing iSCSI virtual initiators and FC targets.
FIGURE 9 iSCSI gateway service in an iSCSI FC zone (elements shown: iSCSI initiators A and B, discovery domains DD1 and DD2, IP network, iSCSI GbE portal group with IP portals, iSCSI virtual targets VT 1 to VT 3, iSCSI virtual initiators, iSCSI zone, FC SAN, FC targets 1 to 4 with LUNs)

If default zoning is set to No Access, you must create an iSCSI FC zone so that the devices can talk
to each other.
If default zoning is set to All Access with no effective zone configuration, then you can create an
iSCSI FC zone and add it to a defined configuration, but you do not need to enable the defined
configuration. In this case, all devices can talk to each other already. However, to avoid future
congestion in the SAN, you should implement a zoning plan for the devices.

When you execute the cfgClear or cfgDisable commands, discovery domains and discovery domain
sets are not deleted.
You can create zones, add and remove members from a zone, and delete zones. These zone
operations function the same way with iSCSI as without. To learn more about these operations, see
the Fabric OS Administrators Guide and the zoneCreate command in the Fabric OS Command
Reference.

ATTENTION
If you decide to start zoning the devices, you must create zones for all the devices in the SAN or you
will not be able to access the devices that are not in a zone.

iSCSI FC zone creation


To create an iSCSI FC zone, you must include the following iSCSI elements in the zone:

- The FC targets, used to create the virtual targets (VT).
- The iSCSI virtual initiators (VIs):
  - If there is more than one FC4-16IP blade in the chassis, you must add all virtual initiators
    to the same zone.
  - If there is more than one FC4-16IP blade in the fabric, you must add all virtual initiators
    from all switches to the same zone.
  - If connection redirection is not used, only the VI correlating to the iSCSI target portal used
    by the host(s) needs to be used.
  - If connection redirection is used, all 8 VIs for the FC4-16IP blade must be used.
  - If the iSCSI host(s) are accessing the VT from more than one FC4-16IP blade in the fabric
    (MPIO), you must add all virtual initiators from all switches to the same zone.
  - If the iSCSI host(s) are accessing the VT from more than one FC4-16IP blade in the chassis
    (MPIO), you must add all virtual initiators to the same zone.

Although you can add the iSCSI FC target and virtual initiator to an existing zone, it is advisable to
create a separate zone so that iSCSI gateway service components can be easily differentiated from
other devices in SAN fabric zones.
To more easily handle groups of targets and initiators, you can create aliases for each group. You
can create aliases, add and remove members from an alias, and delete aliases. These operations
function the same way with iSCSI as they do without. To learn more about these operations, see the
Fabric OS Administrators Guide and the aliCreate command in the Fabric OS Command
Reference.
The following procedures describe the commands to run to get the iSCSI information you must
provide during the zone creation process.

NOTE

You must install Brocade Advanced Zoning licenses on all the switches in the fabric before
attempting to configure zones. The Brocade 48000 must have the zoning license installed.

Creating an iSCSI FC zone


1. Log in to the director.
2. Enter the iscsiCfg --show command to display the WWN information for the FC targets:

switch:admin> iscsicfg --show lun
Number of targets found: 2
Target: iqn.2006-10.com.example:disk001
Number of LUN Maps: 2
FC WWN                    Virtual LUN(s)   Physical LUN(s)
21:00:00:04:cf:e7:73:7e   0                0
2f:ff:00:06:2b:0d:12:99   1-2              0-1

Target: iqn.2002-10.com.brocade:21:00:00:04:cf:e7:74:cf
Number of LUN Maps: 1
FC WWN                    Virtual LUN(s)   Physical LUN(s)
21:00:00:04:cf:e7:74:cf   0                0x0000000000000000

3. Write down or copy and paste the FC WWN information for each LUN, which you will need
during the zone creation process.
4. Enter the nsShow command to display the WWN information for the iSCSI virtual initiators:
switch:admin> nsshow
{
 Type Pid    COS     PortName                NodeName                 TTL(sec)
 NL   0120d6;      3;21:00:00:04:cf:e7:74:cf;20:00:00:04:cf:e7:74:cf; na
    FC4s: FCP [SEAGATE ST336607FC 0004]
    Fabric Port Name: 20:20:00:60:69:e0:01:56
    Permanent Port Name: 21:00:00:04:cf:e7:74:cf
    Port Index: 32
    Share Area: No
    Device Shared in Other AD: No
 NL   0120d9;      3;21:00:00:04:cf:e7:73:7e;20:00:00:04:cf:e7:73:7e; na
    FC4s: FCP [SEAGATE ST336607FC 0004]
    Fabric Port Name: 20:20:00:60:69:e0:01:56
    Permanent Port Name: 21:00:00:04:cf:e7:73:7e
    Port Index: 32
    Share Area: No
    Device Shared in Other AD: No
 N    012300;      3;2f:ff:00:06:2b:0d:12:99;2f:ff:00:06:2b:0d:12:99; na
    FC4s: FCP
    PortSymb: [52] "LSI7402XP-LC A.0 03-00059-01D FW:01.02.12 Port 1 "
    Fabric Port Name: 20:23:00:60:69:e0:01:56
    Permanent Port Name: 2f:ff:00:06:2b:0d:12:99
    Port Index: 35
    Share Area: No
    Device Shared in Other AD: No
 N    012800;      3;50:06:06:9e:00:15:63:00;50:06:06:9e:00:15:63:01; na
    FC4s: FCP
    PortSymb: [23] "iSCSI Virtual Initiator"
    NodeSymb: [51] "IPAddr: 30.0.127.30 Slot/Port: 3/ge0 Logical pn: 40"
    Fabric Port Name: 00:00:00:00:00:00:00:00
    Permanent Port Name: 50:06:06:9e:00:15:63:00
    Port Index: 40
    Share Area: No
    Device Shared in Other AD: No
 N    012900;      3;50:06:06:9e:00:15:63:08;50:06:06:9e:00:15:63:09; na
    FC4s: FCP
    PortSymb: [23] "iSCSI Virtual Initiator"
    NodeSymb: [51] "IPAddr: 30.0.127.31 Slot/Port: 3/ge1 Logical pn: 41"
    Fabric Port Name: 00:00:00:00:00:00:00:00
    Permanent Port Name: 50:06:06:9e:00:15:63:08
    Port Index: 41
    Share Area: No
    Device Shared in Other AD: No
      012a00;      3;50:06:06:9e:00:15:63:10;50:06:06:9e:00:15:63:11; na
    FC4s: FCP
    PortSymb: [23] "iSCSI Virtual Initiator"
    NodeSymb: [51] "IPAddr: 30.0.127.32 Slot/Port: 3/ge2 Logical pn: 42"
    Fabric Port Name: 00:00:00:00:00:00:00:00
    Permanent Port Name: 50:06:06:9e:00:15:63:10
    Port Index: 42
    Share Area: No
    Device Shared in Other AD: No
The Local Name Server has 6 entries }

5. Write down or copy and paste the WWN information, which you will use for the aliCreate
command.
To display the FC target WWNs for switches other than the Brocade 48000, telnet into that
switch and run the nsShow command. Record the WWN information displayed.
6. Enter the aliCreate command to create zone aliases. Zone aliases are much easier to use than
long strings of WWN information. The two examples below create aliases for the FC virtual
targets and for the iSCSI virtual initiators:
switch:admin> alicreate ISCSI_TARGETS, "21:00:00:04:cf:e7:74:cf;
21:00:00:04:cf:e7:73:7e; 2f:ff:00:06:2b:0d:12:99"
switch:admin> alicreate ISCSI_VI_SWITCH1_SLOT3, "50:06:06:9e:00:15:63:00;
50:06:06:9e:00:15:63:08; 50:06:06:9e:00:15:63:10"

7. Enter the cfgSave command to save the change to the defined configuration.
switch:admin> cfgsave
You are about to save the Defined zoning configuration. This
action will only save the changes on the Defined configuration.
Any changes made on the Effective configuration will not
take effect until it is re-enabled.
Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y

8. Enter the zoneCreate command.


The following example illustrates the creation of a zone by specifying the aliases for FC targets
and iSCSI virtual initiators as members of the named zone.
switch:admin> zonecreate iscsi_zone001, "ISCSI_TARGETS;
ISCSI_VI_SWITCH1_SLOT3"

9. Enter the cfgSave command to save the change to the defined configuration.
switch:admin> cfgsave
You are about to save the Defined zoning configuration. This
action will only save the changes on the Defined configuration.
Any changes made on the Effective configuration will not
take effect until it is re-enabled.
Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y
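
Steps 4 through 6 of this procedure can be prepared offline, and the intended zone membership checked before it is saved. The following Python example is added here and is not Brocade code; it parses captured nsshow text in the layout shown on this page, selects the entries whose PortSymb is "iSCSI Virtual Initiator", formats the aliCreate line, and reports virtual initiators missing from a proposed zone as well as members that are neither a virtual initiator nor a listed FC target. The function names and the alias-name check (a letter followed by letters, digits, or underscores) are assumptions made for illustration.

```python
import re

# Abridged from the nsshow output on this page: two FC targets, two virtual initiators.
NSSHOW = """\
{
 Type Pid    COS     PortName                NodeName                 TTL(sec)
 NL   0120d6;      3;21:00:00:04:cf:e7:74:cf;20:00:00:04:cf:e7:74:cf; na
    FC4s: FCP [SEAGATE ST336607FC 0004]
    Permanent Port Name: 21:00:00:04:cf:e7:74:cf
 N    012300;      3;2f:ff:00:06:2b:0d:12:99;2f:ff:00:06:2b:0d:12:99; na
    FC4s: FCP
    PortSymb: [52] "LSI7402XP-LC A.0 03-00059-01D FW:01.02.12 Port 1 "
 N    012800;      3;50:06:06:9e:00:15:63:00;50:06:06:9e:00:15:63:01; na
    FC4s: FCP
    PortSymb: [23] "iSCSI Virtual Initiator"
    NodeSymb: [51] "IPAddr: 30.0.127.30 Slot/Port: 3/ge0 Logical pn: 40"
 N    012900;      3;50:06:06:9e:00:15:63:08;50:06:06:9e:00:15:63:09; na
    FC4s: FCP
    PortSymb: [23] "iSCSI Virtual Initiator"
    NodeSymb: [51] "IPAddr: 30.0.127.31 Slot/Port: 3/ge1 Logical pn: 41"
The Local Name Server has 4 entries }
"""

WWN = r"(?:[0-9a-f]{2}:){7}[0-9a-f]{2}"
# Entry header line: "<Pid>; <COS>;<PortName>;<NodeName>;" (Type column is ignored).
ENTRY = re.compile(rf"\b([0-9a-f]{{6}});\s*\d+;({WWN});({WWN});", re.I)
SYMBOL = re.compile(r'^\s*(PortSymb|NodeSymb): \[\d+\] "(.*)"\s*$')
VI_SYMBOL = "iSCSI Virtual Initiator"
ALIAS_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")  # assumed naming rule


def parse_nsshow(text):
    """Return one dict per name server entry with its pid, WWNs, and symbols."""
    entries = []
    for line in text.splitlines():
        header = ENTRY.search(line)
        if header:
            entries.append({"pid": header.group(1).lower(),
                            "port_wwn": header.group(2).lower(),
                            "node_wwn": header.group(3).lower()})
            continue
        symbol = SYMBOL.match(line)
        if symbol and entries:
            entries[-1][symbol.group(1)] = symbol.group(2)
    return entries


def virtual_initiator_wwns(entries):
    """Port WWNs of the entries registered by the iSCSI gateway as VIs."""
    return [e["port_wwn"] for e in entries if e.get("PortSymb") == VI_SYMBOL]


def alicreate(alias, wwns):
    """Format the aliCreate command line in the style used on this page."""
    if not ALIAS_NAME.fullmatch(alias):
        raise ValueError("unexpected alias name: " + repr(alias))
    for wwn in wwns:
        if not re.fullmatch(WWN, wwn, re.I):
            raise ValueError("not a WWN: " + repr(wwn))
    return 'alicreate {}, "{}"'.format(alias, "; ".join(wwns))


def audit_zone(members, entries, target_wwns):
    """Compare a proposed zone member list with the name server view.

    Returns (missing_vis, unexpected, absent_targets):
      missing_vis     VIs seen by nsshow but not in the zone
      unexpected      members that are neither a VI nor a listed FC target
      absent_targets  listed FC targets that nsshow does not show
    """
    members = {m.lower() for m in members}
    targets = {t.lower() for t in target_wwns}
    vis = set(virtual_initiator_wwns(entries))
    seen = {e["port_wwn"] for e in entries}
    return (sorted(vis - members),
            sorted(members - vis - targets),
            sorted(targets - seen))


if __name__ == "__main__":
    found = parse_nsshow(NSSHOW)
    print(alicreate("ISCSI_VI_SWITCH1_SLOT3", virtual_initiator_wwns(found)))
```

With connection redirection or MPIO in use, the guide requires every virtual initiator in the zone, so a non-empty missing_vis list should be resolved before cfgsave.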

Zoning configuration creation


After creating one or more zones, you can add them to the zoning configuration database and
enable the zoning configuration.
For more information about creating and modifying zoning configurations, see the Fabric OS
Administrators Guide and the cfgCreate command in the Fabric OS Command Reference.

Creating and enabling a zoning configuration


1. Connect and log in to the switch as admin.
2. Enter the cfgCreate command to create a zone configuration.
switch:admin> cfgcreate iscsi_cfg001, iscsi_zone001

3. Enter the cfgSave command to save the change to the defined configuration.
switch:admin> cfgsave
You are about to save the Defined zoning configuration. This
action will only save the changes on Defined configuration.
Any changes made on the Effective configuration will not
take effect until it is re-enabled.
Do you want to save Defined zoning configuration only? (yes, y, no, n): [no] y
Updating flash ...

4. Enter the cfgEnable command to enable the zone configuration.


switch:admin> cfgenable iscsi_cfg001
You are about to enable a new zoning configuration.
This action will replace the old zoning configuration with the
current configuration selected.
Do you want to enable 'iscsi_cfg001' configuration (yes, y, no, n): [no] y
zone config "iscsi_cfg001" is in effect
Updating flash ...


Administering the iSNS Client

In this chapter
iSNS client service configuration
Displaying iSNS client service status
Enabling the iSNS client service
Disabling the iSNS client service
Clearing the iSNS client configuration

iSNS client service configuration


The Internet Storage Name Service (iSNS) server facilitates the automatic discovery of iSCSI VTs
on a TCP/IP network and manages access control for them.
iSNS clients initiate transactions with iSNS servers using the iSNS protocol, register available iSCSI
VTs, download information about other registered clients (such as iSCSI initiators), and receive
notification of events that occur in the DDs.
FIGURE 10 iSCSI network with iSNS server and clients (elements shown: iSNS server, IP network, iSNS clients, iSCSI initiator, iSCSI gateway service, iSCSI VT 1, FC SAN, FC target 1)

NOTE
Fabric OS supports only Microsoft iSNS Server v3.0 and later.

Displaying iSNS client service status


1. Connect and log in to the switch.
2. Enter the fosConfig command to show the current Fabric OS configuration.
switch:admin> fosconfig --show
FC Routing service:     disabled
iSCSI service:          enabled
iSNS Client service:    disabled

Enabling the iSNS client service


This section explains how to enable the iSNS client service and configure the iSNS server IP
address. Fabric OS supports one iSNS server connection.

NOTE

If DD and DDSets are configured on the fabric, clear the DD and DDSet configurations before
enabling iSNS client services.
1. Connect to the switch and log in.
2. Enter the fosConfig --enable isnsc command to enable the iSNS client service:
switch:admin> fosconfig --enable isnsc

3. Enter the fosConfig --show command to verify that the service is enabled:
switch:admin> fosconfig --show
FC Routing service:     disabled
iSCSI service:          enabled
iSNS Client service:    enabled

4. Set the IP address of the iSNS server. You can use either the IP address of the GbE port that
attaches the FC4-16IP blade, or the server management port IP address.
a. Enter the isnscCfg --set command with the -m and -s options to set the GbE port IP address.
The following is an example.
switch:admin> isnsccfg --set 10/ge0 -s 10.32.0.145
iSNS client configuration updated:
peering with iSNS server 10.32.0.145 on slot 10, port ge0.

b. Enter the isnscCfg --show command to verify that the iSNS server has been configured
correctly:
switch:admin> isnsccfg --show
iSNS client is peering with iSNS server 10.32.0.145 on slot 10, port ge0.
Operational Status: Connected to iSNS server.

c. Enter the isnsccfg --set command with the -m and -s options to set the IP address of the
iSNS server management port rather than the GbE port.
The following is an example.
switch:admin> isnsccfg --set -m -s 10.33.56.105
iSNS client configuration updated: peering with iSNS server 10.33.56.105 on
the management port.

5. Enter the isnscCfg --show command to verify that the iSNS server has been configured
correctly:
switch:admin> isnsccfg --show
iSNS client is peering with iSNS server 10.33.56.105 on the management port.
Operational Status: Connected to iSNS server.

6. Enter the isnsccfg --reregister command to re-register the iSNS objects:


switch:admin> isnsccfg --reregister

Disabling the iSNS client service


When the iSNS client service is disabled, the DD and DDSets are kept in the fabric.
1. Connect and log in to the switch.
2. Enter the fosConfig --disable isnsc command to disable the iSNS client service:
switch:admin> fosconfig --disable isnsc

3. Enter the fosConfig --show command to verify that the service is disabled:
switch:admin> fosconfig --show
FC Routing service:     disabled
iSCSI service:          enabled
iSNS Client service:    disabled

Clearing the iSNS client configuration


The iSNS client configuration can be cleared with a single command.
1. Connect and log in to the switch.
2. Enter the isnscCfg --clear command to clear the iSNS configuration:
switch:admin> isnsccfg --clear
Cleared iSNS server IP address


Troubleshooting iSCSI

In this chapter
Connectivity
Zoning
Authentication

Connectivity
The following issues deal with the iSCSI FC4-16IP blade connectivity between devices.

NOTE
The iSCSI blade FC4-16IP is not supported in the Brocade DCX or DCX-4S enterprise-class platforms.
Symptom

iSCSI host reports connection failed.


Probable cause and recommended action
Network connectivity is having problems.
Verify the IP address using the portShow ipif <slot>/ge<port> command.
Verify the IP route using the portShow iproute <slot>/ge<port> command.
Ping the PC using the portCmd --ping <slot>/ge<port> -s <source IP> -d <destination IP>
command.
Make corrections to the IP information using the portCfg command.
Below is an example to verify if packets can be sent to the destination IP address with maximum
wait_time specified. Note that a backslash ( \ ) is used to skip the return character so you can
continue the command on the next line without the return character being interpreted by the shell.
switch:admin> portcmd --ping 12/ge0 -s 2007:7:30:32:227:138:10:120 -d \
2007:7:30:32:227:77:0:60 -w 29000
Pinging 2007:7:30:32:227:77:0:60 from ip interface 2007:7:30:32:227:138:10:120
on 12/ge0 with 64 bytes of data
Reply from 2007:7:30:32:227:77:0:60: bytes=64 rtt=0ms ttl=255
Reply from 2007:7:30:32:227:77:0:60: bytes=64 rtt=1ms ttl=255
Reply from 2007:7:30:32:227:77:0:60: bytes=64 rtt=0ms ttl=255
Reply from 2007:7:30:32:227:77:0:60: bytes=64 rtt=0ms ttl=255
Ping Statistics for 2007:7:30:32:227:77:0:60:
Packets: Sent = 4, Received = 4, Loss = 0 ( 0 percent loss)
Min RTT = 0ms, Max RTT = 1ms Average = 0ms

Symptom

Multiple sessions are established with the same target.


Probable cause and recommended action
All available ports are reported by SendTargets processing, and sessions are established for each
port to the same target and LUNs.
This can be controlled by configuring the iSCSI host initiator and the GbE port on the FC4-16IP
blade to allow only one connection per session by using the following command:
switch:admin> iscsiportcfg --modify <slot>/ge<port> -c 1

Also, if connection redirection is configured, it must be disabled by using the following command:
switch:admin> iscsiswcfg --disableconn -s <all>

Symptom

iSCSI host can log in to targets, but cannot mount any disks.
Probable cause and recommended action
The target is a RAID device, but iSCSI virtual initiators have not been added to the LUN mapping.
Add all iSCSI virtual initiators to the target and allow all iSCSI virtual initiators to access all of the
target LUNs. To display the WWNs of the iSCSI virtual initiators, use nsShow. Use the following
commands to fix this issue:
switch:admin> iscsiportcfg --modify <slot>/ge<port> -c 1
switch:admin> iscsiswcfg --disableconn -s <all>

Symptom

Easy create cannot find any LUNs on the target.


Probable cause and recommended action
The target is a RAID device, but the fcLunQuery WWN has not been added to the LUN mapping.
Add the fcLunQuery WWN to the target's LUN mapping. Display the WWNs using the fcLunQuery -s
command.
Or the target is not compatible with fcLunQuery. Create a virtual target and add LUNs manually
using the iscsiCfg command.

Symptom

Cannot get GE ports to go to Online state.


Probable cause and recommended action
The GE ports are not connected to gigabit Ethernet interfaces.
Make sure the GbE ports are plugged into gigabit Ethernet interfaces. The GE ports cannot be
connected to Ethernet or fast Ethernet interfaces.

Zoning
The following issues address zoning problems that can occur in iSCSI.
Symptom

No DDSet or zoning configuration enabled and iSCSI host cannot discover any targets.
Probable cause and recommended action
Default zoning is set to no access.
Check default zoning using the defZone --show command.
Either create a zoning configuration or set default zoning to All Access using the defZone
command.

Symptom

No DDSet or zoning configuration enabled and iSCSI host cannot discover any targets.
Probable cause and recommended action
Virtual targets have not been created, virtual targets are not online, or changes have not been
committed.
Check virtual targets using the iscsiCfg --show tgt command.
Make sure all virtual targets are reported as online and committed.
If the virtual target is offline, either no LUNs have been mapped to that virtual target or the physical
LUN is offline. If the virtual target is not committed, then use the iscsiCfg --commit all -f command.
The -f operand is used to force the commit operation, in which case uncommitted changes on other
switches are erased.

Symptom

No DDSet or zoning configuration enabled and iSCSI host cannot discover any targets.
Probable cause and recommended action
No LUNs have been assigned to the virtual targets.
Check LUN mapping using the iscsiCfg --show lun command.
Make sure LUNs have been assigned to the virtual targets. Assign LUNs using the iscsiCfg --add lun
command.

Symptom

No DDSet or zoning configuration enabled and iSCSI host cannot discover any targets.
Probable cause and recommended action
There is an inconsistency in the iSCSI database.
Check using the iscsiCfg --show fabric command.
Make sure the aggregated state is in sync. If it is not in sync, fix the inconsistency and perform a
commit using the iscsiCfg --commit all command.

Symptom

Changes made to the iSCSI database do not appear on iSCSI hosts.


Probable cause and recommended action
The DDSet has not been enabled or the database has not been committed.
Check the currently enabled DDSet using the iscsiCfg --show ddset command.
Make sure it is reported as enabled and committed.

Enable an appropriate DDSet using the iscsiCfg --enable ddset command.
Check for open transactions using the iscsiCfg --show transaction command.
Commit any open transactions using the iscsicfg --commit all -f command.

Authentication
Symptom

Cannot set up mutual CHAP.


Probable cause and recommended action
A CHAP name that matches the IQN of an iSCSI initiator is treated differently in the CHAP database.
When a CHAP name is set to the IQN of an iSCSI initiator, it will be used for initiator CHAP during
mutual CHAP login.

Symptom

After an iSCSI host logs out of a target, it cannot log in to that target again.
Probable cause and recommended action
There is an inconsistency in the iSCSI database.
Check using the iscsiCfg --show fabric command.
Make sure the aggregated state is in sync.
If it is not in sync, fix the inconsistency and perform a commit using the iscsiCfg --commit all
command.

Symptom

iSCSI host can discover targets, but cannot log in to them.


Probable cause and recommended action
Zoning is enabled, but iSCSI virtual initiators are not in the same zone as the targets.
Check zoning using the cfgShow command.
Make sure iSCSI virtual initiators are in the same zone as the targets. Display the port WWN of the
iSCSI virtual initiators using the nsShow command.
