Qlogic 6-Port Enterprise Fibre Channel Switch Module for IBM eServer BladeCenter Firmware Update 5.2.0.26 Qlogic_5_2_0_26.txt Version 1.00 7/15/05 ________ CONTENTS ________ 1.0 Overview 2.0 Change History 3.0 Installation and Setup Instructions 4.0 Configuration Information 5.0 Known Issues 6.0 Unattended Mode 7.0 Web Sites and Support Phone Number 8.0 Trademarks and Notices 9.0 Disclaimer _______________ 1.0 Overview _______________ This README describes current firmware version for the Qlogic 6-Port Fibre Channel Switch Module and procedure for updating firmware on the switch. 1.1 Dependencies: This Firmware is used in conjuction with SAN Surfer Manager version 5.02.05. ____________________ 2.0 Change History ____________________ Qlogic Firmware Version 5.2.0.26 -------------------------------------- New Firmware Features -Add support for McDATA Fabric Mode via license key - Auto-IOStreamguard - Automatically enables I/O Streamguard for QLogic HBA ports. Port state changes will not cause RSCN's to be sent to other I/O Streamguarded ports. Auto-IOStreamguard ports will not show up in nameservice queries of other I/O Streamguarded ports. - New Port Speed Strategy - Added new supported speeds list display as reported by the SFP vendor: - Fabric Device Security - The following security enhancements have been added to this release: o ISL and ELS authentication, as defined in FC-SP, provide a means to authenticate the identity of a connected switch, host or target and/or authorize a list of devices to join a fabric. o ISL security is supported on E_Ports. ELS security is supported on F_Ports. o Fabric Binding is introduced as a means to control switch composition of a fabric. o CT Authentication, as defined in FC-GS-4, provides a means to validate that CT requests and responses are passed without modification between two cooperating entities. o Security configuration management is similar to zoning configuration management. - RADIUS - Allows for centralized security management: o Device Authentication - Authentication of FC devices. o User Authentication - Authentication of user logins via telnet, ftp, SSH, and GUI. o Accounting - Collection of usage statistics. - SSH - Adds support for Secure Shell (SSH), providing an encrypted data path for command line interface sessions. - SSL - Adds support for Secure Sockets Layer (SSL), providing encryption for the GUI and Common Information Model (CIM) sessions. - Centralized Services Component - Provides a central location for a user to enable or disable any of the external user services such as SNMP, SSL, SSH, embedded GUI, Telnet, Network Time Protocol (NTP), CIM, etc. - Time Zones - Date/Time management has been enhanced to include time zone support and alarms for NTP time sync problems. - Embedded CIM Agent - This release includes a Common Information Model (CIM) switch agent based on the SNIA Storage Management Initiative Specification (SMI-S), the standard for SAN management in a heterogeneous environment. - Discard Inactive Zones - When this feature is enabled, only the currently active zone set, zones, and aliases will be retained in the cached zoning database for in-band switches. Unassigned or orphan zones and zone sets will not be retained. This will prevent zoning limits from being reached artificially. - New Firmware Naming Convention - The firmware file name, references in SNMP, GUI, command line interface, etc. now all use a consistent format (e.g. v5.0.0.01.00). - Maximum Zones - The maximum number of zones, MaxZones, supported has been increased from 1000 to 2000. - Miscellaneous changes: o Note that all occurrences of "FC-SW-2" have been replaced by "Interop". o User Authentication is now mandatory. o Temperature Warning and Failure ranges can no longer be set on the switch. A user no longer has the ability to alter the port shutdown configuration parameter. o There is now a single firmware image available on the switch. Therefore, the CLIsh "fallback" command is no longer supported. o A new command has been created in CLIsh called "firmware install" that will FTP the firmware from a remote host, unpack the firmware, and activate the firmware by resetting the switch. o Another new command has been created in CLIsh called "create support" that saves information for use by support personnel to help diagnose problems. o Extensive changes have been made to the event/error logging to make the logs more robust and readable. Firmware Issues resolved between 4.1.0.22 and 5.2.0.xx: 1. There are some situations where multiple SNMP change traps are being sent when their values have not changed. 2. Session timeouts are set to 10 minutes. In cases where max (or near max) sessions is reached, and resets occur in the fabric, the sessions no longer being used may prevent users from performing other operations for 10 minutes until these sessions time out. Qlogic Firmware Version 4.1.0.22 -------------------------------------- -Initial Version _________________________________________ 3.0 Installation and Setup Instructions _________________________________________ NOTE: Prior to downloading the firmware to the Fibre Channel switch module, ensure that the advanced management option "Preserve IP Address across all resets" is set to 'enabled' via the Management Module interface. This will ensure that your currently configured IP Address will remain available after the switch firmware is upgraded. NOTE: This version of firmware requires SAN Surfer Manager 5.02.05 or higher. Refer to the IBM Support website for download information for the 5.02.05 version. NOTE: Refer to BladeCenter FC Switch Management User’s guide for detailed instructions. NOTE: Capitalization of command, password, and username is important - must use as shown in procedures below. 1. Download new firmware file ("5.2.0.26.00_mpc") from IBM support website - refer to Support section of this document for URL. - Ensure that the filename that has been saved to the disk is 5.2.0.26.00_mpc and does not contain additional characters. 2. Open command prompt window/console. 3. Change directory in window/console to the directory where the new switch firmware file is located. 4. Ftp to the switch using command: "ftp xxx.xxx.xxx.xxx" where xxx.xxx.xxx.xxx represents IP address of FC switch. 5. To log in to FC switch: o At prompt "username", type "images" and press enter key o At prompt "password", type "images"and press enter key 6. After logged in, enter the following commands: o At prompt, type "bin" and press enter key o At prompt, type "put 5.2.0.26.00_mpc" and press enter key o At prompt, type "quit" and press enter key 7. Telnet to the switch using command: "telnet xxx.xxx.xxx.xxx" where xxx.xxx.xxx.xxx represents IP address of FC switch. 8. To log in to FC switch: o At prompt "username", type "USERID" and press the enter key. At the prompt "password", type "PASSW0RD" and press enter key NOTE: Zero is 6th character in password, not capital O. 9. After logged in, enter the following commands: At prompt, type "admin start" and press the enter key. At the prompt, type "image list" and press enter key NOTE: "image list" command should display firmware file "5.2.0.26.00_mpc" resident on switch. 10. Now enter following commands: At prompt, type "image unpack 5.2.0.26.00_mpc" and press enter key. 11. Wait for confirmation that the switch firmware has successfully updated 12. After receiving confirmation, type "hotreset" to perform a Non-Disruptive Code Load Activation that will not disrupt data traffic on the switch. NOTE: Use hotreset only if a stable SAN environment is present, and no devices are being added or removed while hotreset is running. If SAN environment is not stable then type "reset" and press enter key which will reset the switch and activate the new firmware; this reset will disrupt any data traffic on switch. _______________________________ 4.0 Configuration Information _______________________________ Detailed information on configuring the Switch Module application can be found in the Qlogic 6-Port Management Guide Support CD provided with each switch module or the IBM Website. NOTES: - The zoning limits were increased in the 4.1 and 5.2 releases. If you downgrade your firmware from one of these releases, you must modify your zoning limits prior to downgrading the firmware so that they do not exceed the previous release's limits. Refer to the appropriate manual for list of these zoning limits. - If you have fabrics that cross time zones, please be aware that this will cause time stamp differences in the various switch logs. - In Firmware 4.2 and later, the IOStreamGuard parameter may be set to Auto, Enable, or Disable. If the parameter is set to Auto and you downrev your firmware version to an earlier firmware version, you must set the IOStreamGuard parameter appropriately after the downrev for each port; otherwise, the storage connected to the ports will not seen. - A switch configuration backup does not archive the primary or secondary secrets for any security groups. As a result, the security secrets need to be reconfigured in Clish after a config restore. Otherwise the restored switch will isolate from the fabric due to an invalid attach due to the missing secrets. - The 5.0 switch firmware can be loaded and activated without a reboot or disrupting the switch fabric with several conditions and exceptions. You are allowed one active Switch Manager or API session while executing a Non-disruptive code load and activation (NDCLA). An NDCLA from firmware 2.0 or firmware 3.0 to firmware 5.0 is not permitted nor is it permitted to first NDCLA to firmware 4.x and then NDCLA to firmware 5.0; you must do a reset or a hardreset. Additional information is available in the SANsurfer Switch Manager readme notes. _______________________________ 5.0 Known Issues _______________________________ 1. After activating a large zoneset, the CLIsh "zoning list" command did not list all zoning information. This is a Windows only issue with the default telnet application. A 3rd party telnet application is recommended on a Windows platform. If you use the default telnet and it appears hung when you first open the session, "set term vt100" at the telnet prompt will resolve this issue. 2. In a BladeCenter FC Switch Module/Brocade/Mcdata mesh configuration, if you have a JNI initiator in loop mode and assign the same domain ID to all switches and bring all of them online, the JNI initiator does not log back into the same port on BladeCenter FC Switch Module. This is not a switch problem. If you do not set the JNI to loop only mode, this problem is avoided. 3. If the IP Address of the switch is changed through the CLI, the IP address will not be accessible until an IP address change has also occurred through the Management Module. 4. When Accounting Radius servers are defined on the switch and Authentication order = Local Only, new (telnet) sessions validate the accounting servers prior to log in, as designed. However, when a new GUI session is initiated, the Accounting Radius Servers are not validated. 5. "set port clear" causes the statistics counters to display invalid data 6. When offlining / onlining the fibre channel switch module (FCSM), I/O halts on Windows 2000 systems when the switch goes offline. 7. When an ISL port that was offlined is brought back online, all I/O is moved to the new ISL instead of routes being assigned across both ISL's. In some cases, it may take several minutes for traffic to be re-routed to one of the other ISLs. There is no fabric interruption in this case. Known Issues with Brocade/QLogic operation - In a mixed QLogic, McDATA, Brocade fabric, using McDATA's GUI to take the McDATA switch offline/online sometimes caused an ISL failure between QLogic switches and Brocade switches. When this occurs, the Brocade loop initialization code will continuously loop. - Brocade BB credit negotiation does not work properly. Flow control errors are reported during an E_Port offline/online. This problem is fixed in Brocade switch firmware v3.1.0 and later. - Connecting a QLogic switch to a Brocade 3900 switch via a GL port will cause the Brocade switch to become inoperable. To work around this issue, change the QLogic port to a G port. - With InteropMode set to Standard (FC-SW-2) and connected to a Brocade 3250 switch (4.2.0c firmware), credit negotiation does not work properly while traffic is running if the Qlogic switch has fewer BB credits than the Brocade 3250 switch. To resolve this issue reconfigure the BB credits on the Brocade switch to match those on the Qlogic switch. - With InteropMode set to Standard (FC-SW-2) and connected to a Brocade 3200/3800 switch (3.1.2a firmware), zone merges or zone changes involving 400 or more WWPN zone members can take five minutes or longer to complete. - With InteropMode set to Standard (FC-SW-2) and connected to a Brocade 3200/3800 switch (3.1.0 or later firmware) and a Brocade 3900 switch (4.1.0 firmware or later), the following issues occur: o When zone merges with a full zone database occur, the full zone protocol bit is not enabled. There is no current impact due to this issue. o If a cfgsave command is issued from the Brocade switch for a zone change with a full zone database, a non-standard value is included in the save command payload. The QLogic switch will reject the command which causes the save to fail. A workaround is to issue a cfgenable command from the Brocade switch which activates and saves the zone change. Known Issues with McDATA/QLogic operation - McDATA's SANpilot, and command line interface, do not display devices attached to the QLogic switch. A workaround is to use their EFCM tool, v7.0 or earlier. - When you display the IP address of a McDATA switch using either the "show fabric" clish command or the SANsurfer Switch Manager, the IP address will be displayed as 0.0.0.0. - Fabric Binding is not supported in McData switches operating in Open Fabric mode. _____________________ 6.0 Unattended Mode _____________________ This package does not support Unattended Mode ________________________________________ 7.0 WEB Sites and Support Phone Number ________________________________________ IBM Support Web Site: http://www.ibm.com/pc/support IBM Marketing Netfinity Web Site: http://www.pc.ibm.com/netfinity If you have any questions about this update, or problems applying the update go to the following Help Center World Telephone Numbers URL: 1-800-772-2227 http://www.pc.ibm.com/qtechinfo/YAST-3P2QYL.html. ____________________________ 8.0 Trademarks and Notices ____________________________ The following terms are trademarks of the IBM Corporation in the United States or other countries or both: IBM BladeCenter eServer Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation in the United States, other countries, or both. Linux is a registered trademark of Linus Torvalds. Intel trademarks or registered trademarks are trademarks of Intel Corporation. Other company, product, and service names may be trademarks or service marks of others. ________________ 9.0 Disclaimer ________________ THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IBM DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE AND MERCHANTABILITY WITH RESPECT TO THE INFORMATION IN THIS DOCUMENT. BY FURNISHING THIS DOCUMENT, IBM GRANTS NO LICENSES TO ANY PATENTS OR COPYRIGHTS. Note to Government Users Note to U.S. Government Users -- Documentation related to restricted rights -- Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corporation.