HP StorageWorks 2/16V Brocade Secure Fabric OS Administrator's Guide (53-10002 - Page 54

To enable secure mode in the fabric, secModeEnable, con configDownload

Page 54 highlights

The following restrictions apply when secure mode is enabled:

• Standard telnet cannot be used after secure mode is enabled; however, sectelnet can be used as soon as a digital certificate is installed on the switch. SSH can be used at any time; however, telnet sessions opened prior to issuing secModeEnable remain open if secure mode is enabled using the option to preserve passwords. If telnet use is completely prohibited, the telnet protocol should be disabled on each switch, using the configure command, prior to enabling secure mode.
• Several commands can be entered only from the FCS switches. See "Command Restrictions in Secure Mode" on page B-6 for a list of these commands.
• If downloading a configuration to the switch:
  - Download the configuration to the primary FCS switch. A configuration downloaded to a backup FCS switch or non-FCS switch is overwritten by the next fabric-wide update from the primary FCS switch.
  - If the configdownload file contains an RSNMP policy, it must also contain a WSNMP policy.
  - The defined policy set in the configdownload file must have the following characteristics:
    • The defined policy set must exist.
    • The FCS policy must be the first policy.
    • The FCS policy must have at least one switch in common with the current defined FCS policy in the fabric.
  - The active policy set in the configdownload file must have the following characteristics:
    • The active policy set must exist.
    • The FCS policy must be the first policy.
    • The FCS policy must be identical to the active FCS policy in the fabric.

Note: If any part of the configuration download process fails, resolve the source of the problem and repeat the configDownload command. For information about troubleshooting the configuration download process, see the Fabric OS Administrator's Guide. After configDownload, the policy database might require up to 8 minutes to download.
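A pre-flight check for the policy-set rules listed above, as an added example (not code from the guide or from Fabric OS). It assumes the defined and active policy sets have already been extracted into ordered lists of (name, members) pairs; that representation, the labels FCS/RSNMP/WSNMP, the function names and the WWNs are constructed for illustration, and "identical" is read as same members in the same order.

```python
# Added example: hypothetical model, not the configdownload file format.
# Each policy set is an ordered list of (policy_name, [members]) pairs;
# "FCS", "RSNMP", "WSNMP" are labels for the policies the guide names.

def find(policy_set, name):
    """Return the member list of the named policy, or None if absent."""
    for pname, members in policy_set or []:
        if pname == name:
            return members
    return None

def check_set(label, policy_set):
    """The set must exist and the FCS policy must be its first policy."""
    if not policy_set:
        return [f"{label} policy set must exist"]
    if policy_set[0][0] != "FCS":
        return [f"{label}: FCS policy must be the first policy"]
    return []

def preflight(file_defined, file_active, fabric_defined_fcs, fabric_active_fcs):
    """Return a list of rule violations; an empty list means none were found."""
    errors = check_set("defined", file_defined) + check_set("active", file_active)
    names = {n for n, _ in (file_defined or []) + (file_active or [])}
    if "RSNMP" in names and "WSNMP" not in names:
        errors.append("file contains an RSNMP policy but no WSNMP policy")
    d_fcs = find(file_defined, "FCS")
    # Defined set: at least one switch in common with the fabric's defined FCS policy.
    if d_fcs is not None and not set(d_fcs) & set(fabric_defined_fcs):
        errors.append("defined FCS policy shares no switch with the fabric's")
    a_fcs = find(file_active, "FCS")
    # Active set: identical (assumed: same members, same order) to the fabric's.
    if a_fcs is not None and list(a_fcs) != list(fabric_active_fcs):
        errors.append("active FCS policy differs from the fabric's active FCS policy")
    return errors

if __name__ == "__main__":
    # Constructed WWNs for illustration only.
    fabric_fcs = ["10:00:00:00:00:00:00:01", "10:00:00:00:00:00:00:02"]
    defined = [("RSNMP", ["10:00:00:00:00:00:00:05"]),
               ("FCS", ["10:00:00:00:00:00:00:09"])]
    for problem in preflight(defined, None, fabric_fcs, fabric_fcs):
        print("REJECT:", problem)
```

Because a configuration that fails these rules must be corrected and downloaded again, checking the policy sets before the download saves a failed attempt on the primary FCS switch.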
For information about displaying the existing Secure Fabric OS policies, see "Displaying Individual Secure Fabric OS Policies" on page 4-3.

Note: Enabling secure mode fastboots all Fabric OS v2.6.x switches in the fabric.

To enable secure mode in the fabric

1. Ensure that all switches in the fabric have the following:
   • Fabric OS v2.6.2, v3.2.x, v4.4.x, v5.0.1, v5.1.0, or v5.2.0
   • An activated Secure Fabric OS license
   • An activated Advanced Zoning license
   • Digital certificate

3-4 Secure Fabric OS Administrator's Guide Publication Number: 53-1000244-01

