HP StorageWorks 2/32 Brocade Secure Fabric OS Administrator's Guide (53-100024 - Page 64
Table 3-3 Read and Write Behaviors of SNMP Policies (Continued)

RSNMP Policy     | WSNMP Policy     | Read Result      | Write Result
-----------------+------------------+------------------+------------------
Empty            | Host B in policy | Only B can read  | Only B can write
Host A in policy | Nonexistent      | This combination is not supported. If the WSNMP policy is not defined, the RSNMP policy cannot be created.
Host A in policy | Empty            | Only A can read  | No host can write
Host A in policy | Host B in policy | A and B can read | Only B can write

To create an SNMP policy

1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.

2. Type secPolicyCreate "WSNMP_POLICY", "member;...;member".

   member is one or more IP addresses in dot-decimal notation. "0" can be entered in an octet to indicate that any number can be matched in that octet.

   For example, to create a WSNMP and an RSNMP policy to allow only IP addresses that match 192.168.5.0 read and write access to the fabric:

       primaryfcs:admin> secpolicycreate "WSNMP_POLICY", "192.168.5.0"
       WSNMP_POLICY has been created.
       primaryfcs:admin> secpolicycreate "RSNMP_POLICY", "192.168.5.0"
       RSNMP_POLICY has been created.

3. To save or activate the new policy, enter either the secPolicySave or the secPolicyActivate command. If neither of these commands is entered, the changes are lost when the session is logged out. For more information about these commands, see "Saving Changes to Secure Fabric OS Policies" on page 3-26 and "Activating Changes to Secure Fabric OS Policies" on page 3-27.

Telnet Policy

The Telnet policy can be used to specify which workstations can use sectelnet or SSH to connect to the fabric. The policy is named TELNET_POLICY and contains a list of the IP addresses for the trusted workstations (workstations that are in a physically secure area).

When a SilkWorm 24000 or 48000 director is in secure mode, sectelnet or SSH sessions cannot be opened to the active CP. This prevents potential violation of the Telnet policy, since the active CP can be used to access either of the logical switches on a two-domain SilkWorm 24000. However, sectelnet or SSH sessions can be established to the IP addresses of the logical switches and to the standby CP, if allowed by the Telnet policy. If the active CP fails over, any sectelnet or SSH sessions to the standby CP are automatically terminated when the standby CP becomes the active CP.

3-14 Secure Fabric OS Administrator's Guide Publication Number: 53-1000244-01
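The SNMP policy rows of Table 3-3 and the "0" octet matching rule described above can be checked offline before a policy is activated. The following Python model is an added example, not Fabric OS or HP/Brocade code; the function names and the host addresses are assumptions made for illustration, and only the table rows shown on this page are modeled.

```python
# Added illustration; not Fabric OS code. Policies are modeled as Python lists.

def _octets(addr):
    """Parse a dot-decimal IPv4 address into four integers."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dot-decimal IPv4 address: {addr!r}")
    return [int(p) for p in parts]

def member_matches(member, host):
    """A 0 in a member octet matches any value in that octet of the host."""
    return all(m == 0 or m == h for m, h in zip(_octets(member), _octets(host)))

def in_policy(policy, host):
    """True if any member of the policy list matches the host."""
    return any(member_matches(m, host) for m in policy)

def snmp_access(rsnmp, wsnmp, host):
    """Return (can_read, can_write) for host, per the Table 3-3 rows on this page.

    rsnmp: list of members (may be empty).
    wsnmp: list of members (may be empty), or None if the policy does not exist.
    Rows with a nonexistent RSNMP policy are not on this page and are not modeled.
    """
    if wsnmp is None:
        # Table 3-3: RSNMP defined while WSNMP is nonexistent is not supported.
        raise ValueError("RSNMP_POLICY cannot be created without WSNMP_POLICY")
    can_write = in_policy(wsnmp, host)
    # In the table, a host listed in WSNMP can also read.
    can_read = can_write or in_policy(rsnmp, host)
    return can_read, can_write

if __name__ == "__main__":
    HOST_A, HOST_B = "192.168.5.10", "10.1.1.20"  # constructed sample hosts
    cases = [
        ([], [HOST_B]),                      # RSNMP empty, WSNMP has B
        ([HOST_A], []),                      # RSNMP has A, WSNMP empty
        ([HOST_A], [HOST_B]),                # RSNMP has A, WSNMP has B
        (["192.168.5.0"], ["192.168.5.0"]),  # the guide's wildcard example
    ]
    for rsnmp, wsnmp in cases:
        for host in (HOST_A, HOST_B):
            print(rsnmp, wsnmp, host, snmp_access(rsnmp, wsnmp, host))
```

Running it prints the read and write result for each sample host under each policy combination, which makes an overly broad "0" octet easy to spot before secPolicyActivate is entered.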