Qlogic/McData 4Gb Fibre Channel Switch Module for IBM eServer BladeCenter Firmware Update 5.5.0.22 firmware_5_5_0_22.txt Version 1.00 9/18/05 ________ CONTENTS ________ 1.0 Overview 2.0 Change History 3.0 Installation and Setup Instructions 4.0 Configuration Information 5.0 Known Issues 6.0 Unattended Mode 7.0 Web Sites and Support Phone Number 8.0 Trademarks and Notices 9.0 Disclaimer _______________ 1.0 Overview _______________ This README describes current firmware version for the Qlogic 4Gb Fibre Channel Switch Module and procedure for updating firmware on the switch. 1.1 Dependencies: This Firmware is used in conjuction with SANsurfer version 2.0.30b52 or higher. ____________________ 2.0 Change History ____________________ 8/18/05 -- Version 5.5.0.22 -Initial Release for 4Gb Switches New Firmware Features - Auto-IOStreamguard - Automatically enables I/O Streamguard for QLogic HBA ports. Port state changes will not cause RSCN's to be sent to other I/O Streamguarded ports. Auto-IOStreamguard ports will not show up in nameservice queries of other I/O Streamguarded ports. - New Port Speed Strategy - Added new supported speeds list display as reported by the SFP vendor: For 2Gb switches - Maintain current operating behavior, ignoring vendor data and treating all SFP's as 1Gb/2Gb capable. - Alarm generated if port is running at a speed not supported by the SFP. - Alarm generated if the CRC on the vendor data is invalid - Fabric Device Security - The following security enhancements have been added to this release: o ISL and ELS authentication, as defined in FC-SP, provide a means to authenticate the identity of a connected switch, host or target and/or authorize a list of devices to join a fabric. o ISL security is supported on E_Ports. ELS security is supported on F_Ports. o Fabric Binding is introduced as a means to control switch composition of a fabric. o CT Authentication, as defined in FC-GS-4, provides a means to validate that CT requests and responses are passed without modification between two cooperating entities. o Security configuration management is similar to zoning configuration management. - RADIUS - Allows for centralized security management: o Device Authentication - Authentication of FC devices. o User Authentication - Authentication of user logins via telnet, ftp, SSH, and GUI. o Accounting - Collection of usage statistics. - SSH - Adds support for Secure Shell (SSH), providing an encrypted data path for command line interface sessions. - SSL - Adds support for Secure Sockets Layer (SSL), providing encryption for the GUI and Common Information Model (CIM) sessions. - Centralized Services Component - Provides a central location for a user to enable or disable any of the external user services such as SNMP, SSL, SSH, embedded GUI, Telnet, Network Time Protocol (NTP), CIM, etc. - Time Zones - Date/Time management has been enhanced to include time zone support and alarms for NTP time sync problems. - Embedded CIM Agent - This release includes a Common Information Model (CIM) switch agent based on the SNIA Storage Management Initiative Specification (SMI-S), the standard for SAN management in a heterogeneous environment. - Discard Inactive Zones - When this feature is enabled, only the currently active zone set, zones, and aliases will be retained in the cached zoning database for in-band switches. Unassigned or orphan zones and zone sets will not be retained. This will prevent zoning limits from being reached artificially. - New Firmware Naming Convention - The firmware file name, references in SNMP, GUI, command line interface, etc. now all use a consistent format (e.g. v5.0.0.01.00). - Maximum Zones - The maximum number of zones, MaxZones, supported has been increased from 1000 to 2000. - Miscellaneous changes: o Note that all occurrences of "FC-SW-2" have been replaced by "Interop". o User Authentication is now mandatory. o Temperature Warning and Failure ranges can no longer be set on the switch. A user no longer has the ability to alter the port shutdown configuration parameter. o There is now a single firmware image available on the switch. Therefore, the CLIsh "fallback" command is no longer supported. o A new command has been created in CLIsh called "firmware install" that will FTP the firmware from a remote host, unpack the firmware, and activate the firmware by resetting the switch. o Another new command has been created in CLIsh called "create support" that saves information for use by support personnel to help diagnose problems. o Extensive changes have been made to the event/error logging to make the logs more robust and readable. _________________________________________ 3.0 Installation and Setup Instructions _________________________________________ NOTE: Prior to downloading the firmware to the Fibre Channel switch module, ensure that the advanced management option "Preserve IP Address across all resets" is set to 'enabled' via the Management Module interface. This will ensure that your currently configured IP Address will remain available after the switch firmware is upgraded. NOTE: This version of firmware requires SANsurfer 2.0.30b52 or higher. Refer to the IBM Support website for download information for the 2.0.30b52 version. NOTE: Refer to BladeCenter FC Switch Management User’s guide for detailed instructions. NOTE: Capitalization of command, password, and username is important - must use as shown in procedures below. 1. Download new firmware file ("5.5.0.22.00_mpc") from IBM support website - refer to Support section of this document for URL. - Ensure that the filename that has been saved to the disk is 5.5.0.22.00_mpc and does not contain additional characters. 2. Open command prompt window/console. 3. Change directory in window/console to the directory where the new switch firmware file is located. 4. Ftp to the switch using command: "ftp xxx.xxx.xxx.xxx" where xxx.xxx.xxx.xxx represents IP address of FC switch. 5. To log in to FC switch: o At prompt "username", type "images" and press enter key o At prompt "password", type "images"and press enter key 6. After logged in, enter the following commands: o At prompt, type "bin" and press enter key o At prompt, type "put 5.5.0.22.00_mpc" and press enter key o At prompt, type "quit" and press enter key 7. Telnet to the switch using command: "telnet xxx.xxx.xxx.xxx" where xxx.xxx.xxx.xxx represents IP address of FC switch. 8. To log in to FC switch: o At prompt "username", type "USERID" and press the enter key. At the prompt "password", type "PASSW0RD" and press enter key NOTE: Zero is 6th character in password, not capital O. 9. After logged in, enter the following commands: At prompt, type "admin start" and press the enter key. At the prompt, type "image list" and press enter key NOTE: "image list" command should display firmware file "5.5.0.22.00_mpc" resident on switch. 10. Now enter following commands: At prompt, type "image unpack 5.5.0.22.00_mpc" and press enter key. 11. Wait for confirmation that the switch firmware has successfully updated 12. After receiving confirmation, type "hotreset" to perform a Non-Disruptive Code Load Activation that will not disrupt data traffic on the switch. NOTE: Use hotreset only if a stable SAN environment is present, and no devices are being added or removed while hotreset is running. If SAN environment is not stable then type "reset" and press enter key which will reset the switch and activate the new firmware; this reset will disrupt any data traffic on switch. _______________________________ 4.0 Configuration Information _______________________________ Detailed information on configuring the Switch Module application can be found in the Qlogic or McDATA Management Guide on the Support CD provided with each switch module or the IBM Website. Additional information is available in the SANsurfer readme notes. NOTES: - When installing a 4Gb Switch Module in the BladeCenter T Chassis, the internal ports will be fixed to 2Gb speeds. The external ports can still run up to 4Gb speeds. - When using a HS40 bladeserver, ensure that the 4Gb expansion card is installed in the slot closest to the processor to enable 4Gb speeds. - The McDATA switch module does not support aliases in the zoning configuration. Ensure that no aliases are configured prior to upgrading a Qlogic switch to a McDATA switch module via the software license key, or when upgrading to 5.5.0.22. - The zoning limits were increased in the 4.1 and 5.2 releases. If you downgrade your firmware from one of these releases, you must modify your zoning limits prior to downgrading the firmware so that they do not exceed the previous release's limits. Refer to the appropriate manual for list of these zoning limits. - If you have fabrics that cross time zones, please be aware that this will cause time stamp differences in the various switch logs. - When shutting down a bladeserver, an immediate power off can cause additional port statistics to be seen. Ensure that the internal blades are properly shutdown to avoid excessive port statistics. - In Firmware 4.2 and later, the IOStreamGuard parameter may be set to Auto, Enable, or Disable. If the parameter is set to Auto and you downrev your firmware version to an earlier firmware version, you must set the IOStreamGuard parameter appropriately after the downrev for each port; otherwise, the storage connected to the ports will not seen. - A switch configuration backup does not archive the primary or secondary secrets for any security groups. As a result, the security secrets need to be reconfigured in Clish after a config restore. Otherwise the restored switch will isolate from the fabric due to an invalid attach due to the missing secrets. - The 5.0 switch firmware can be loaded and activated without a reboot or disrupting the switch fabric with several conditions and exceptions. You are allowed one active Switch Manager or API session while executing a Non-disruptive code load and activation (NDCLA). An NDCLA from firmware 2.0 or firmware 3.0 to firmware 5.0 is not permitted nor is it permitted to first NDCLA to firmware 4.x and then NDCLA to firmware 5.0; you must do a reset or a hardreset. An NDCLA is not supported with firmware 5.0 on the SANbox2-16 due to its limited memory. _______________________________ 5.0 Known Issues _______________________________ 1. After activating a large zoneset, the CLIsh "zoning list" command did not list all zoning information. This is a Windows only issue with the default telnet application. A 3rd party telnet application is recommended on a Windows platform. If you use the default telnet and it appears hung when you first open the session, "set term vt100" at the telnet prompt will resolve this issue. 2. In a BladeCenter FC Switch Module/Brocade/Mcdata mesh configuration, if you have a JNI initiator in loop mode and assign the same domain ID to all switches and bring all of them online, the JNI initiator does not log back into the same port on BladeCenter FC Switch Module. This is not a switch problem. If you do not set the JNI to loop only mode, this problem is avoided. 3. If the IP Address of the switch is changed through the CLI, the IP address will not be accessible until an IP address change has also occurred through the Management Module. 4. When Accounting Radius servers are defined on the switch and Authentication order = Local Only, new (telnet) sessions validate the accounting servers prior to log in, as designed. However, when a new GUI session is initiated, the Accounting Radius Servers are not validated. 5. "set port clear" causes the statistics counters to display invalid data 6. When an ISL port that was offlined is brought back online, all I/O is moved to the new ISL instead of routes being assigned across both ISL's. In some cases, it may take several minutes for traffic to be re-routed to one of the other ISLs. There is no fabric interruption in this case. Known Issues with Brocade/QLogic operation: ------------------------------------------------------- - In a mixed QLogic, McDATA, Brocade fabric, using McDATA's GUI to take the McDATA switch offline/online sometimes caused an ISL failure between QLogic switches and Brocade switches. When this occurs, the Brocade loop initialization code will continuously loop. - Brocade BB credit negotiation does not work properly. Flow control errors are reported during an E_Port offline/online. This problem is fixed in Brocade switch firmware v3.1.0 and later. - Connecting a QLogic switch to a Brocade 3900 switch via a GL port will cause the Brocade switch to become inoperable. To work around this issue, change the QLogic port to a G port. The Brocade 3900 switch demonstrates this issue with other non-QLogic switches. - With InteropMode set to Standard (FC-SW-2) and connected to a Brocade 3250 switch (4.2.0c firmware), Brocade BB credit negotiation does not work properly while traffic is running if the non-Brocade switch has fewer BB credits than the Brocade 3250 switch. To resolve this issue reconfigure the BB credits on the Brocade switch to match those on the non-Brocade switch. - With InteropMode set to Standard (FC-SW-2) and connected to a Brocade 3200/3800 switch (3.1.2a firmware), zone merges or zone changes involving 400 or more WWPN zone members can take five minutes or longer to complete. - With InteropMode set to Standard (FC-SW-2) and connected to a Brocade 3200/3800 switch (3.1.0 or later firmware) and a Brocade 3900 switch (4.1.0 firmware or later), the following issues occur: o When zone merges with a full zone database occur, the full zone protocol bit is not enabled. This is not in compliance with the FC-SW-2 specification. There is no current impact to the customer. o If a cfgsave command is issued from the Brocade switch for a zone change with a full zone database, a non-standard value is included in the save command payload. The QLogic switch will reject the command which causes the save to fail. A workaround is to issue a cfgenable command from the Brocade switch which activates and saves the zone change. Known Issues with McDATA/QLogic operation: ------------------------------------------------------ - McDATA's SANpilot, and command line interface, do not display devices attached to the QLogic switch. A workaround is to use their EFCM tool, v7.0 or earlier. - When you display the IP address of a McDATA switch using either the "show fabric" clish command or the SANsurfer Switch Manager, the IP address will be displayed as 0.0.0.0. - Fabric Binding is not supported in McData switches operating in Open Fabric mode. _____________________ 6.0 Unattended Mode _____________________ This package does not support Unattended Mode ________________________________________ 7.0 WEB Sites and Support Phone Number ________________________________________ IBM Support Web Site: http://www.ibm.com/pc/support IBM Marketing Netfinity Web Site: http://www.pc.ibm.com/netfinity If you have any questions about this update, or problems applying the update go to the following Help Center World Telephone Numbers URL: 1-800-772-2227 http://www.pc.ibm.com/qtechinfo/YAST-3P2QYL.html. ____________________________ 8.0 Trademarks and Notices ____________________________ The following terms are trademarks of the IBM Corporation in the United States or other countries or both: IBM BladeCenter eServer Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation in the United States, other countries, or both. Linux is a registered trademark of Linus Torvalds. Intel trademarks or registered trademarks are trademarks of Intel Corporation. Other company, product, and service names may be trademarks or service marks of others. ________________ 9.0 Disclaimer ________________ THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IBM DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE AND MERCHANTABILITY WITH RESPECT TO THE INFORMATION IN THIS DOCUMENT. BY FURNISHING THIS DOCUMENT, IBM GRANTS NO LICENSES TO ANY PATENTS OR COPYRIGHTS. Note to Government Users Note to U.S. Government Users -- Documentation related to restricted rights -- Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corporation.