HP StorageWorks 2/16V Brocade Secure Fabric OS Administrator's Guide (53-10002 - Page 64

Telnet Policy

Page 64 highlights

Table 3-3 Read and Write Behaviors of SNMP Policies (Continued)

| RSNMP Policy | WSNMP Policy | Read Result | Write Result |
|---|---|---|---|
| Empty | Host B in policy | Only B can read | Only B can write |
| Host A in policy | Nonexistent | This combination is not supported. If the WSNMP policy is not defined, the RSNMP policy cannot be created. | |
| Host A in policy | Empty | Only A can read | No host can write |
| Host A in policy | Host B in policy | A and B can read | Only B can write |

To create an SNMP policy

1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.

2. Type secPolicyCreate "WSNMP_POLICY", "member;...;member".

   member is one or more IP addresses in dot-decimal notation. "0" can be entered in an octet to indicate that any number can be matched in that octet.

   For example, to create a WSNMP and an RSNMP policy to allow only IP addresses that match 192.168.5.0 read and write access to the fabric:

       primaryfcs:admin> secpolicycreate "WSNMP_POLICY", "192.168.5.0"
       WSNMP_POLICY has been created.
       primaryfcs:admin> secpolicycreate "RSNMP_POLICY", "192.168.5.0"
       RSNMP_POLICY has been created.

3. To save or activate the new policy, enter either the secPolicySave or the secPolicyActivate command.

   If neither of these commands is entered, the changes are lost when the session is logged out. For more information about these commands, see "Saving Changes to Secure Fabric OS Policies" on page 3-26 and "Activating Changes to Secure Fabric OS Policies" on page 3-27.

Telnet Policy

The Telnet policy can be used to specify which workstations can use sectelnet or SSH to connect to the fabric. The policy is named TELNET_POLICY and contains a list of the IP addresses for the trusted workstations (workstations that are in a physically secure area).

When a SilkWorm 24000 or 48000 director is in secure mode, sectelnet or SSH sessions cannot be opened to the active CP. This prevents potential violation of the Telnet policy, since the active CP can be used to access either of the logical switches on a two-domain SilkWorm 24000. However, sectelnet or SSH sessions can be established to the IP addresses of the logical switches and to the standby CP, if allowed by the Telnet policy. If the active CP fails over, any sectelnet or SSH sessions to the standby CP are automatically terminated when the standby CP becomes the active CP.

3-14 Secure Fabric OS Administrator's Guide Publication Number: 53-1000244-01
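The following is an added example, not part of the HP/Brocade guide and not Fabric OS code: a small Python model of how the RSNMP and WSNMP policies combine in the rows of Table 3-3 shown on this page, using the "0 in an octet matches any number" rule from step 2. The function names and the two sample host addresses are assumptions made for illustration, and the rule that WSNMP members can also read is inferred from the table rows.

```python
"""Added example: SNMP access decision per Table 3-3 (rows shown on this page)."""

def _octets(addr):
    # Parse a dot-decimal IPv4 string into four integers, rejecting anything else.
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dot-decimal IPv4 address: {addr!r}")
    return [int(p) for p in parts]

def member_matches(member, host):
    # A "0" octet in a policy member matches any value in that octet.
    return all(m == 0 or m == h for m, h in zip(_octets(member), _octets(host)))

def in_policy(policy, host):
    return any(member_matches(m, host) for m in policy)

def snmp_access(rsnmp, wsnmp, host):
    """Return (can_read, can_write) for host.

    rsnmp: list of members (may be empty).
    wsnmp: list of members (may be empty), or None if the policy does not exist.
    """
    if wsnmp is None:
        # Table 3-3: RSNMP cannot be created unless WSNMP is defined.
        raise ValueError("RSNMP policy without a WSNMP policy is not supported")
    can_write = in_policy(wsnmp, host)
    # Rows on this page show WSNMP members can also read.
    can_read = can_write or in_policy(rsnmp, host)
    return can_read, can_write

# Constructed sample addresses standing in for "Host A" and "Host B".
HOST_A, HOST_B = "192.168.5.10", "10.1.1.20"

if __name__ == "__main__":
    cases = [
        ("empty / B", [], [HOST_B]),
        ("A / empty", [HOST_A], []),
        ("A / B", [HOST_A], [HOST_B]),
        ("192.168.5.0 / 192.168.5.0", ["192.168.5.0"], ["192.168.5.0"]),
    ]
    for label, r, w in cases:
        for h in (HOST_A, HOST_B):
            print(f"RSNMP/WSNMP {label:27} {h:13} read,write={snmp_access(r, w, h)}")
    # A zero octet is always a wildcard, so "10.0.5.0" also covers 10.99.5.1.
    print(member_matches("10.0.5.0", "10.99.5.1"))
```

Because a zero octet always acts as a wildcard under the stated rule, review any policy member containing 0 for how many addresses it actually admits before saving or activating it.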

