HP StorageWorks 2/16V Brocade Secure Fabric OS Administrator's Guide (53-10002 - Page 75

Managing Secure Fabric OS Policies

Page 75 highlights

Table 3-13 SCC Policy States

| Policy State | SCC Policy Enforcement |
| --- | --- |
| No policy specified | All switches may join the fabric. |
| Policy specified, but with no members | The SCC policy includes all FCS switches. All non-FCS switches are excluded. Only FCS switches may join the fabric. |
| Policy specified, with members | The SCC policy contains all FCS switches and any switches specified in the member list. Any non-FCS switches not explicitly specified are excluded. Only FCS switches and explicitly specified non-FCS switches may join the fabric. |

To create an SCC policy

1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.
2. Type secPolicyCreate "SCC_POLICY", "member;...;member".
   member indicates a switch that is permitted to join the fabric. Specify switches by WWN, domain ID, or switch name. Enter an asterisk (*) to indicate all the switches in the fabric.
   For example, to create an SCC policy that allows switches that have domain IDs 2 and 4 to join the fabric:

       primaryfcs:admin> secpolicycreate "SCC_POLICY", "2;4"
       SCC_POLICY has been created

3. To save or activate the new policy, enter either the secPolicySave or the secPolicyActivate command.
   If neither of these commands is entered, the changes are lost when the session is logged out. For more information about these commands, see "Saving Changes to Secure Fabric OS Policies" on page 3-26 and "Activating Changes to Secure Fabric OS Policies" on page 3-27.

Managing Secure Fabric OS Policies

All Secure Fabric OS transactions must be performed through the primary FCS switch only, except for the secTransAbort, secFCSFailover, secStatsReset, and secStatsShow commands.

You can create multiple sessions to the primary FCS switch from one or more hosts. However, the software allows only one Secure Fabric OS transaction at a time. If a second Secure Fabric OS transaction is started, it fails. The only secondary transaction that can succeed is the secTransAbort command.

All policy modifications are saved in volatile memory only until the changes are saved or activated.

The following functions can be performed on existing Secure Fabric OS policies:

  • "Saving Changes to Secure Fabric OS Policies" on page 3-26
    Save changes to flash memory without actually implementing the changes within the fabric. This saved but inactive information is known as the defined policy set.

Secure Fabric OS Administrator's Guide, Publication Number: 53-1000244-01, page 3-25
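The enforcement rules in Table 3-13 can be checked offline before a member list is saved or activated. The following is an added example, not code from the guide or from Fabric OS: it models the three policy states and reports which switches a proposed SCC member list would exclude. The Switch class, the helper names, the inventory and the rule that an all-digit member is a domain ID are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Switch:
    wwn: str
    domain_id: int
    name: str
    is_fcs: bool = False


def parse_members(member_list: str) -> List[str]:
    """Split the "member;...;member" argument given to secPolicyCreate."""
    return [m.strip() for m in member_list.split(";") if m.strip()]


def matches(member: str, sw: Switch) -> bool:
    """A member names a switch by WWN, domain ID, or switch name; * is all."""
    if member == "*":
        return True
    if member.isdigit():  # assumption: an all-digit member is a domain ID
        return int(member) == sw.domain_id
    return member.lower() == sw.wwn.lower() or member == sw.name


def may_join(sw: Switch, scc_members: Optional[str]) -> bool:
    """Apply Table 3-13. scc_members is None when no SCC policy exists."""
    if scc_members is None:
        return True   # no policy specified: all switches may join
    if sw.is_fcs:
        return True   # an SCC policy always includes the FCS switches
    return any(matches(m, sw) for m in parse_members(scc_members))


def excluded(fabric: List[Switch], scc_members: Optional[str]) -> List[str]:
    """Names of switches the policy would keep out of the fabric."""
    return [sw.name for sw in fabric if not may_join(sw, scc_members)]


# Constructed inventory (WWNs and names are made up for this example).
FABRIC = [
    Switch("10:00:00:60:69:00:00:01", 1, "primaryfcs", is_fcs=True),
    Switch("10:00:00:60:69:00:00:02", 2, "edge2"),
    Switch("10:00:00:60:69:00:00:03", 3, "edge3"),
    Switch("10:00:00:60:69:00:00:04", 4, "edge4"),
]

if __name__ == "__main__":
    for members in (None, "", "2;4", "*"):
        print(repr(members), "->", excluded(FABRIC, members))
```

An empty member list is the case to watch: it is a valid policy, and under Table 3-13 it excludes every non-FCS switch.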

