HP StorageWorks 2/32 Brocade Secure Fabric OS Administrator's Guide (53-100024 - Page 97
Preventing a LUN Connection, Troubleshooting
View all HP StorageWorks 2/32 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 97 highlights
4 Preventing a LUN Connection It might be necessary to prevent someone from connecting a host and mounting a logical unit number (LUN) connection to your secure fabric. Besides hardware-enforced zoning, you need to create options and DCC policies on each switch in the secure fabric after configuring it in all your hosts and storage. This locks down anything that is connected to the secure fabric. If someone subsequently plugs in a rogue host, that port becomes disabled. Alternatively, if your primary FCS switch is running Fabric OS v3.2.0, v4.4.0, or v5.x you can use secModeEnable --quickmode, --lockdown, or --lockdown=dcc to enable secure mode; either option creates DCC policies for each port in the fabric. Note If you change the PID format used on the fabric (for example, from native mode to core PID mode), you need to create new DCC policies on each switch. If an edge fabric is connected to a fibre channel router, secModeEnable --quickmode is not supported. Troubleshooting Some of the most likely issues with Secure Fabric OS management and the recommended actions are described in Table 4-5. The information in the table is based on the assumption that the fabric was originally fully functional and secure mode was enabled. Note Some of the recommended actions might interrupt data traffic. Table 4-5 Recovery Processes Symptom Possible Causes Recommended Actions Secure Fabric OS policies do not appear to be in effect. Secure mode is not enabled. Type the secModeShow command. If secure mode is disabled, enter the secModeEnable command on the switch that you want to become the primary FCS switch and specify the FCS switches at the prompts. Policy changes have not been applied. Type the secPolicyShow command and review the differences between the active and defined policy sets. If desired, enter the secPolicyActivate command to activate all recent policy changes. Fabric has segmented. See possible causes and actions for "One or more switches has segmented from the fabric," later in this table. Secure Fabric OS Administrator's Guide Publication Number: 53-1000244-01 4-17