HP StorageWorks 2/32 Brocade Secure Fabric OS Administrator's Guide (53-100024 - Page 97

Preventing a LUN Connection, Troubleshooting


Preventing a LUN Connection

It might be necessary to prevent someone from connecting a host and mounting a logical unit number (LUN) connection to your secure fabric. Besides hardware-enforced zoning, you need to create options and DCC policies on each switch in the secure fabric after configuring it in all your hosts and storage. This locks down anything that is connected to the secure fabric. If someone subsequently plugs in a rogue host, that port becomes disabled.

Alternatively, if your primary FCS switch is running Fabric OS v3.2.0, v4.4.0, or v5.x, you can use secModeEnable --quickmode, --lockdown, or --lockdown=dcc to enable secure mode; each of these options creates DCC policies for each port in the fabric.

Note: If you change the PID format used on the fabric (for example, from native mode to core PID mode), you need to create new DCC policies on each switch. If an edge fabric is connected to a fibre channel router, secModeEnable --quickmode is not supported.

Troubleshooting

Some of the most likely issues with Secure Fabric OS management and the recommended actions are described in Table 4-5. The information in the table is based on the assumption that the fabric was originally fully functional and secure mode was enabled.

Note: Some of the recommended actions might interrupt data traffic.

Table 4-5 Recovery Processes

| Symptom | Possible Causes | Recommended Actions |
|---|---|---|
| Secure Fabric OS policies do not appear to be in effect. | Secure mode is not enabled. | Type the secModeShow command. If secure mode is disabled, enter the secModeEnable command on the switch that you want to become the primary FCS switch and specify the FCS switches at the prompts. |
| | Policy changes have not been applied. | Type the secPolicyShow command and review the differences between the active and defined policy sets. If desired, enter the secPolicyActivate command to activate all recent policy changes. |
| | Fabric has segmented. | See possible causes and actions for "One or more switches has segmented from the fabric," later in this table. |

Secure Fabric OS Administrator's Guide, Publication Number: 53-1000244-01, page 4-17
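
One way to carry out the secPolicyShow review step from Table 4-5 offline, as an added example that is not part of the HP/Brocade guide: the script compares the active and defined policy sets in a saved capture and reports policies with unapplied changes. The banner text, the policy-name-on-its-own-line layout and the sample capture are assumptions constructed for illustration, not real switch output.

```python
import re

# Assumed capture layout: two banners, each policy name on its own line.
SECTION = re.compile(r"^\s*(ACTIVE|DEFINED) POLICY SET\s*$")
POLICY = re.compile(r"^\s*([A-Z0-9]+_POLICY\w*)\s*$")
RULE = re.compile(r"^[\s_=-]*$")  # blank lines and separator rules


def parse_policy_sets(text):
    """Return {'ACTIVE': {policy: set(lines)}, 'DEFINED': {...}}."""
    sets = {"ACTIVE": {}, "DEFINED": {}}
    section = policy = None
    for line in text.splitlines():
        if (m := SECTION.match(line)):
            section, policy = m.group(1), None
            continue
        if (m := POLICY.match(line)) and section:
            policy = m.group(1)
            sets[section].setdefault(policy, set())
            continue
        if section and policy and not RULE.match(line):
            # Collapse whitespace so column alignment causes no false diffs.
            sets[section][policy].add(" ".join(line.split()))
    return sets


def pending_changes(text):
    """Map each policy whose defined copy differs from its active copy."""
    sets = parse_policy_sets(text)
    active, defined = sets["ACTIVE"], sets["DEFINED"]
    report = {}
    for name in sorted(set(active) | set(defined)):
        a, d = active.get(name, set()), defined.get(name, set())
        if a != d:
            report[name] = {"only_active": sorted(a - d), "only_defined": sorted(d - a)}
    return report


# Constructed, simplified capture (not real switch output).
SAMPLE = """\
        ACTIVE POLICY SET
DCC_POLICY_host1
  Device 10:00:00:00:00:00:00:01
____________________________________________
        DEFINED POLICY SET
DCC_POLICY_host1
  Device  10:00:00:00:00:00:00:01
  Device  10:00:00:00:00:00:00:02
DCC_POLICY_host2
  Device 10:00:00:00:00:00:00:03
"""
```

An empty result from pending_changes means the defined set matches the active set, so unapplied policy changes can be ruled out as the cause.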

