HP StorageWorks 2/16V Brocade Secure Fabric OS Administrator's Guide (53-10002 - Page 53

secModeEnable, currentpwd, secFabricShow, Caution

Page 53 highlights

The secModeEnable command performs the following actions:

• Creates and activates the FCS policy.
• Distributes the policy set (initially consisting of only the FCS policy) to all switches in the fabric.
• Activates and distributes the local zoning configurations.
• Fastboots any switches needing a reboot to bring the fabric up in secure mode. (Switches running Fabric OS v3.2.x, v4.4.x, v5.0.1, v5.1.0, and v5.2.0 are not rebooted when secure mode is enabled.)

Note: Run secFabricShow to verify that all switches in the fabric are in a "Ready" state before running any commands that change security policies, passwords, or SNMP.

By default, the only policy created is the FCS policy. This policy is implemented; no other Secure Fabric OS-related changes occur to the fabric. Other Secure Fabric OS policies can be created after the fastboots are complete.

Run secModeEnable from a Fabric OS v2.6.1, v3.1.x, v4.1.x, and v4.2.x switch to distribute all default account passwords to all other switches in the fabric. In addition, Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, and v5.2.0 switches back up existing MUAs and remove them from the existing password database.

Run secModeEnable from a Fabric OS v3.2.0, v4.4.0, v5.0.1, or v5.1.0 switch to distribute all default account passwords and MUA information to all other Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, and v5.2.0 switches in the fabric. Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, and v5.2.0 switches back up their own existing MUAs and remove them from the existing password database. Fabric OS versions 2.6.1, 3.1.x, 4.1.x, and 4.2.x switches receive the default account distribution only.

Fabric OS v3.2.x, v4.4.x, v5.0.1, v5.1.0, and v5.2.0 provide two secModeEnable options:

• The default option prompts for new passwords for all default accounts and leaves the MUA passwords unchanged before distribution to other switches in the fabric.
• The other option, --currentpwd, suppresses the prompt for new default account passwords. The existing default account passwords and MUA passwords on the primary FCS switch are distributed to the rest of the fabric.

The command backs up and deletes all MUAs on a receiving switch that are different from the ones on the primary FCS switch. Depending on whether optional arguments are specified or not, the command also might request new passwords for secure mode.

Caution: Placing the two switches of a two-domain SilkWorm 24000 in separate fabrics is not supported if secure mode is enabled on one or both switches.

Secure Fabric OS Administrator's Guide 3-3 Publication Number: 53-1000244-01
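The Note above asks for every switch to be "Ready" before security policies, passwords, or SNMP are changed. The following is an added example, not taken from the guide, of a pre-change gate that parses captured secFabricShow output and fails closed. The column layout, the sample rows, and the names parse_fabric and change_gate are assumptions made for illustration.

```python
import re

# Constructed sample of secFabricShow output. The column layout
# (Role, WWN, DId, Status, Enet IP Addr, Name) is an assumption,
# not something shown on this page of the guide.
SAMPLE = '''\
Role      WWN                      DId  Status  Enet IP Addr     Name
=====================================================================
non-FCS   10:00:00:00:00:00:00:01    1  Ready   192.0.2.11       "edge1"
Backup    10:00:00:00:00:00:00:02    2  Busy    192.0.2.12       "core2"
Primary   10:00:00:00:00:00:00:03    3  Ready   192.0.2.13       "core1"
'''

# A switch row is recognised by its 8-byte WWN; headers and rulers never match.
ROW = re.compile(
    r'^\s*(?P<role>\S+)\s+'
    r'(?P<wwn>(?:[0-9a-fA-F]{2}:){7}[0-9a-fA-F]{2})\s+'
    r'(?P<did>\d+)\s+(?P<status>\S+)\s+(?P<ip>\S+)\s+"(?P<name>[^"]*)"\s*$'
)

def parse_fabric(text):
    """Return one dict per switch row found in the captured output."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def change_gate(text, expected_switches=None):
    """Return (ok, reasons); ok is True only when every switch is Ready."""
    switches = parse_fabric(text)
    reasons = []
    if not switches:
        # Empty or unparseable output must never be read as "all Ready".
        reasons.append("no switch rows parsed; fabric state unknown")
    if expected_switches is not None and len(switches) != expected_switches:
        # Catches truncated captures and switches missing from the fabric.
        reasons.append(f"expected {expected_switches} switches, saw {len(switches)}")
    for s in switches:
        if s["status"] != "Ready":
            reasons.append(f'{s["name"]} (domain {s["did"]}) is {s["status"]}, not Ready')
    return (not reasons, reasons)

if __name__ == "__main__":
    ok, reasons = change_gate(SAMPLE, expected_switches=3)
    print("OK to proceed" if ok else "HOLD:\n  " + "\n  ".join(reasons))
```

Passing the expected switch count matters because a segmented or partially captured fabric can show only Ready rows while still missing members.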
