Home » HP Manuals » Storage Devices » HP 8/8 » Manual Viewer

HP 8/8 Access Gateway Administrator's Guide (53-1001760-01, June 2010) - Page 50

Setting the list of devices not allowed to log in, Removing devices from the list of allowed devices

Add to My Manuals
Save this manual to your list of manuals

Page 50 highlights

3 Advanced Device Security policy Setting the list of devices not allowed to log in 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsset command with the appropriate operands to set the list of devices not allowed to log into specific ports. In the following example, ports 11 and 12 are set to "no access." switch:admin > ag --adsset "11;12" "" WWN list set successfully as the Allow Lists of the F_Port[s] Removing devices from the list of allowed devices Use the ag --adsdel command to delete the specified WWNs from the list of devices allowed to log in to the specified F_Ports. Lists must be enclosed in double quotation marks. List members must be separated by semicolons. Replace the F_Port list with an asterisk (*) to remove the specified WWNs from all the F_Ports' allow lists. The ADS policy must be enabled for this command to succeed. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsdel command to remove one or more devices from the list of allowed devices. Use the following syntax: ag--adsdel "F_Port [;F_Port2;...]" "WWN [;WWN2;...]" In the following example, two devices are removed from the list of allowed devices (for ports 3 and 9). switch:admin> ag --adsdel "3;9" "22:03:08:00:88:35:a0:12;22:00:00:e0:8b:88:01:8b" WWNs removed successfully from Allow Lists of the F_Port[s]Viewing F_Ports allowed to login Adding new devices to the list of allowed devices You can add the specified WWNs to the list of devices allowed to log in to the specified F_Ports. Lists must be enclosed in double quotation marks. List members must be separated by semicolons. Replace the F_Port list with an asterisk (*) to add the specified WWNs to all the F_Ports' allow lists. The ADS policy must be enabled for this command to succeed. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the ag --adsadd command with appropriate operands to add one or more new devices to the list of allowed devices. Use the following syntax: ag--adsadd "F_Port [;F_Port2;...]" "WWN [;WWN2;...]" In the following example, two devices are added to the list of allowed devices (for ports 3 and 9). switch:admin> ag --adsadd "3;9" "20:03:08:00:88:35:a0:12;21:00:00:e0:8b:88:01:8b" WWNs added successfully to Allow Lists of the F_Port[s] 30 Access Gateway Administrator's Guide 53-1001760-01

Section	Page
About This Document	13
How this document is organized	13
Supported hardware and software	13
What’s new in this document	14
Document conventions	15
Text formatting	15
Command syntax conventions	15
Notes, cautions, and warnings	15
Notice to the reader	16
Key terms	16
Additional information	17
Brocade resources	17
Other industry resources	17
Optional Brocade features	18
Getting technical help	18
Document feedback	19
Access Gateway Basic Concepts	21
In this chapter	21
Brocade Access Gateway overview	21
Comparing Native Fabric and Access Gateway modes	21
Fabric OS features in Access Gateway mode	23
Access Gateway port types	24
Comparison of Access Gateway ports to standard switch ports	24
Access Gateway hardware considerations	25
Configuring Ports in Access Gateway mode	27
In this chapter	27
Enabling and disabling Access Gateway mode	27
Port state description	29
Access Gateway mapping	30
Port-based mapping	30
Device-based mapping	35
Considerations for Access Gateway mapping	42
N_Port configurations	44
Displaying N_Port configurations	45
Unlocking N_Ports	45
Managing Policies and Features in Access Gateway Mode	47
In this chapter	47
Access Gateway policies overview	47
Displaying current policies	47
Access Gateway policy enforcement matrix	48
Advanced Device Security policy	48
How the ADS policy works	48
Enabling and disabling the Advanced Device Security policy	49
Setting the list of devices allowed to log in	49
Setting the list of devices not allowed to log in	50
Removing devices from the list of allowed devices	50
Adding new devices to the list of allowed devices	50
Displaying the list of allowed devices on the switch	51
ADS policy considerations	51
Upgrade and downgrade considerations for the ADS policy	51
Automatic Port Configuration policy	51
How the APC policy works	51
Enabling and disabling the APC policy	52
Automatic Port Configuration policy considerations	52
Upgrade and downgrade considerations for the APC policy	53
Port Grouping policy	53
How port groups work	53
Adding an N_Port to a port group	54
Deleting an N_Port from a port group	55
Removing a port group	55
Renaming a port group	55
Disabling the Port Grouping policy	55
Port Grouping policy modes	56
Creating a port group and enabling Automatic Login Balancing mode	56
Rebalancing F_Ports	57
Enabling Managed Fabric Name Monitoring mode	58
Disabling Managed Fabric Name Monitoring mode	58
Displaying the current fabric name monitoring timeout value	58
Setting the current fabric name monitoring timeout value	59
Port Grouping policy considerations	59
Upgrade and downgrade considerations for the Port Grouping policy	60
Device Load Balancing Policy	60
Enabling WWN Load Balancing	60
Disabling Device Load Balancing	60
Device Load Balancing considerations	61
Persistent ALPA Policy	61
Enabling Persistent ALPA	62
Disabling Persistent ALPA	62
Persistent ALPA device data	62
Removing device data from the database	62
Displaying device data	63
Clearing ALPA values	63
Persistent ALPA policy considerations	63
Upgrade and downgrade considerations for Persistent ALPA	63
Failover	64
Failover with port-based mapping	64
Failover with device-based mapping	66
Enabling and disabling Failover on a N_Port	67
Enabling and disabling Failover for a port group	67
Upgrade and downgrade considerations for Failover	68
Failback	68
Failback configurations in Access Gateway	68
Enabling and disabling Failback on an N_Port	69
Enabling and disabling Failback for a port group	70
Upgrade and downgrade considerations for Failback	70
Trunking in Access Gateway mode	70
How Trunking works	70
Configuring Trunking on the Edge switch	71
Configuration management for trunk areas	72
Enabling trunking	73
Disabling F_Port trunking	74
Trunking monitoring	74
Trunking considerations for the Edge switch	74
Trunking considerations for Access Gateway module	77
Upgrade and downgrade considerations for Trunking in Access Gateway mode	77
Adaptive Networking on Access Gateway	78
Upgrade and downgrade considerations with Adaptive Networking in AG mode enabled	79
Adaptive Networking on Access Gateway considerations	79
Per Port NPIV login limit	80
Setting the login limit	80
Considerations for the Brocade 8000	80
SAN Configuration with Access Gateway	83
In this chapter	83
Connectivity of multiple devices overview	83
Direct target attachment	83
Considerations	83
Target aggregation	84
Access Gateway cascading	84
Fabric and Edge switch configuration	85
Verifying the switch mode	85
Enabling NPIV on M-EOS switches	86
Connectivity to Cisco Fabrics	87
Enabling NPIV on a Cisco switch	87
Rejoining Fabric OS switches to a fabric	87
Reverting to a previous configuration	87
Troubleshooting	89

Match case Limit results 1 per page

Access Gateway Administrator’s Guide

53-1001760-01

Advanced Device Security policy

Setting the list of devices not allowed to log in

Connect to the switch and log in using an account assigned to the admin role.

Enter the

adsset

command with the appropriate operands to set the list of devices not

allowed to log into specific ports. In the following example, ports 11 and 12 are set to “no

access.”

switch:admin >

ag –-adsset “11;12” “”

WWN list set successfully as the Allow Lists of the F_Port[s]

Removing devices from the list of allowed devices

Use the

adsdel

command to delete the specified WWNs from the list of devices allowed to log

in to the specified F_Ports. Lists must be enclosed in double quotation marks. List members must

be separated by semicolons. Replace the F_Port list with an asterisk (*) to remove the specified

WWNs from all the F_Ports' allow lists. The ADS policy must be enabled for this command to

succeed.

Connect to the switch and log in using an account assigned to the admin role.

Enter the

adsdel

command to remove one or more devices from the list of allowed

devices.

Use the following syntax:

ag--adsdel "F_Port [;F_Port2;...]" "WWN [;WWN2;...]"

In the following example, two devices are removed from the list of allowed devices (for ports 3

and 9).

switch:admin>

ag --adsdel "3;9"

"22:03:08:00:88:35:a0:12;22:00:00:e0:8b:88:01:8b"

WWNs removed successfully from Allow Lists of the F_Port[s]Viewing F_Ports

allowed to login

Adding new devices to the list of allowed devices

You can add the specified WWNs to the list of devices allowed to log in to the specified F_Ports.

Lists must be enclosed in double quotation marks. List members must be separated by

semicolons. Replace the F_Port list with an asterisk (*) to add the specified WWNs to all the

F_Ports' allow lists. The ADS policy must be enabled for this command to succeed.

Connect to the switch and log in using an account assigned to the admin role.

Enter the

ag --adsadd

command with appropriate operands to add one or more new devices to

the list of allowed devices.

Use the following syntax:

ag--adsadd "F_Port [;F_Port2;...]" "WWN [;WWN2;...]"

In the following example, two devices are added to the list of allowed devices (for ports 3 and

9).

switch:admin>

ag --adsadd "3;9"

"20:03:08:00:88:35:a0:12;21:00:00:e0:8b:88:01:8b"

WWNs added successfully to Allow Lists of the F_Port[s]