HP StorageWorks 2/16V Brocade Secure Fabric OS Administrator's Guide (53-10002 - Page 61

Creating Secure Fabric OS Policies Other Than the FCS Policy

Get HP StorageWorks 2/16V - SAN Switch PDF manuals and user guides View all HP StorageWorks 2/16V manuals
Add to My Manuals
Save this manual to your list of manuals

Page 61 highlights

3 For example, type secFCSFailover from the backup FCS switch "fcsswitchc" and then type secPolicyShow: fcsswitchc:admin> secfcsfailover This switch is about to become the primary FCS switch. All transactions of the current Primary FCS switch will be aborted. ARE YOU SURE (yes, y, no, n): [no] y WARNING!!! The FCS policy of Active and Defined Policy sets have been changed. Review them before you issue secpolicyactivate again. fcsswitchc:admin> secpolicyshow "active","FCS_POLICY" ACTIVE POLICY SET FCS_POLICY Pos PrimaryWWN DId swName 1 Yes 10:00:00:00:00:00:33:3c3 fcsswitchc 2 No 10:00:00:00:00:00:11:1c1 fcsswitcha 3 No 10:00:00:00:00:00:22:2c2 fcsswitchb The backup FCS switch becomes the new primary FCS switch, and the FCS policy is modified so that the new and previous primary FCS switches have exchanged places. Creating Secure Fabric OS Policies Other Than the FCS Policy The FCS policy is automatically created when secure mode is enabled; other Secure Fabric OS policies can be created after secure mode is enabled. (Using the quickmode or lockdown options to the secModeEnable command also creates an SCC policy and a DCC policy.) The member list of each policy determines the devices or switches to which the policy applies. If a policy does not exist, then no Secure Fabric OS controls are in effect for that aspect of the fabric. If a policy exists but has no members, that functionality is disabled for all switches in the fabric. As soon as a policy has been created, that functionality becomes disabled for all switches except the members listed in the policy. Note Save policy changes frequently; changes are lost if the switch is rebooted before the changes are saved. Each supported policy is identified by a specific name, and only one policy of each type can exist (except for DCC policies). The policy names are case sensitive and must be entered in all uppercase. Multiple DCC policies can be created using the naming convention DCC_POLICY_nnn, with nnn representing a unique string. Note Uploading and saving a copy of the Secure Fabric OS database after creating the desired Secure Fabric OS policies is strongly recommended. The configUpload command can be used to upload a copy of the configuration file, which contains all the Secure Fabric OS information. For more information about this command, see the Fabric OS Command Reference. Secure Fabric OS Administrator's Guide Publication Number: 53-1000244-01 3-11

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
Secure Fabric OS Administrator’s Guide
3-11
Publication Number: 53-1000244-01
3
For example, type
secFCSFailover
from the backup FCS switch “fcsswitchc” and then type
secPolicyShow
:
The backup FCS switch becomes the new primary FCS switch, and the FCS policy is modified so
that the new and previous primary FCS switches have exchanged places.
Creating Secure Fabric OS Policies Other Than the
FCS Policy
The FCS policy is automatically created when secure mode is enabled; other Secure Fabric OS policies
can be created after secure mode is enabled. (Using the quickmode or lockdown options to the
secModeEnable
command also creates an SCC policy and a DCC policy.) The member list of each
policy determines the devices or switches to which the policy applies.
If a policy does not exist, then no Secure Fabric OS controls are in effect for that aspect of the fabric. If
a policy exists but has no members, that functionality is disabled for all switches in the fabric. As soon
as a policy has been created, that functionality becomes disabled for all switches except the members
listed in the policy.
Each supported policy is identified by a specific name, and only one policy of each type can exist
(except for DCC policies). The policy names are case sensitive and must be entered in all uppercase.
Multiple DCC policies can be created using the naming convention DCC_POLICY_
nnn
, with
nnn
representing a unique string.
fcsswitchc:admin>
secfcsfailover
This switch is about to become the primary FCS switch.
All transactions of the current Primary FCS switch will be aborted.
ARE YOU SURE (yes, y, no, n): [no]
y
WARNING!!!
The FCS policy of Active and Defined Policy sets have been changed.
Review them before you issue secpolicyactivate again.
fcsswitchc:admin>
secpolicyshow "active","FCS_POLICY"
____________________________________________________
ACTIVE POLICY SET
FCS_POLICY
Pos PrimaryWWN
DId
swName
__________________________________________________
1
Yes
10:00:00:00:00:00:33:3c3
fcsswitchc
2
No
10:00:00:00:00:00:11:1c1
fcsswitcha
3
No
10:00:00:00:00:00:22:2c2
fcsswitchb
Note
Save policy changes frequently; changes are lost if the switch is rebooted before the changes are saved.
Note
Uploading and saving a copy of the Secure Fabric OS database after creating the desired Secure Fabric
OS policies is strongly recommended. The
configUpload
command can be used to upload a copy of the
configuration file, which contains all the Secure Fabric OS information. For more information about this
command, see the
Fabric OS Command Reference
.