HP StorageWorks 4/16 Brocade OS Command Reference Manual Supporting Fabric OS - Page 579
secPolicyAdd, Synopsis, Description, Notes, Operands, WWN Member Policy Types
View all HP StorageWorks 4/16 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 579 highlights
secPolicyAdd 2 secPolicyAdd Adds members to an existing security policy. Synopsis secpolicyadd "name", "member[;member...]" Description Use this command to add member to an existing access policy. The new members must not already be members within the policy or the command fails. Each policy corresponds to a management method. The list of members of a policy acts as an access control list for that management method. Before a policy is created, there is no enforcement for that management method; all access is granted. After a policy has been created and a member has been added to the policy, that policy becomes closed to all access except from included members. If all members are then deleted from the policy, all access is denied for that management method (the DCC_POLICY is an exception). Notes When FCS Policy is enabled, this command can be issued only from the Primary FCS switch. The secpolicyadd command can be issued on all switches for SCC and DCC policies as long as fabric-wide consistency policy is not set for the particular policy. Do not add the WWNs of front or translate (xlate) domains to the FCS policy if the edge fabric is connected to an FC Router. Operands This command has the following operands: "name" Specify the name of an existing policy to which you want to add members. Valid values for this operand are: • DCC_POLICY_nnn • FCS_POLICY • SCC_POLICY The specified policy name must be capitalized. The DCC_POLICY_nnn name has the common prefix DCC_POLICY_ followed by a string of user-defined characters. These characters do not have to be capitalized like regular policy names, but they are case sensitive. NOTE Back-up FCS switches typically cannot modify the policy. However, if Primary FCS switch in the policy list is not reachable, then a back-up FCS switch is allowed to modify the policy. If all the reachable back-up FCS switches are running pre-v5.3.0 versions of Fabric OS, a non-FCS v5.3.0 switch will be allowed to modify the policy so that new switch can be added to the policy. "member" Fabric OS Command Reference 53-1000599-01 Specify a list of member switches for the security policy. The members must be enclosed in quotation marks and separated by semicolons. Depending on the policy type, members can be specified using IP address, WWN, domain, switch name, or other. WWN Member Policy Types The following policy types require members be specified by WWN address: • FCS_POLICY • SCC_POLICY 553