Home » HP Manuals » Storage Devices » HP StorageWorks 4/16 » Manual Viewer

HP StorageWorks 4/16 Brocade OS Command Reference Manual Supporting Fabric OS - Page 579

secPolicyAdd, Synopsis, Description, Notes, Operands, WWN Member Policy Types

View all HP StorageWorks 4/16 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 579 highlights

secPolicyAdd 2 secPolicyAdd Adds members to an existing security policy. Synopsis secpolicyadd "name", "member[;member...]" Description Use this command to add member to an existing access policy. The new members must not already be members within the policy or the command fails. Each policy corresponds to a management method. The list of members of a policy acts as an access control list for that management method. Before a policy is created, there is no enforcement for that management method; all access is granted. After a policy has been created and a member has been added to the policy, that policy becomes closed to all access except from included members. If all members are then deleted from the policy, all access is denied for that management method (the DCC_POLICY is an exception). Notes When FCS Policy is enabled, this command can be issued only from the Primary FCS switch. The secpolicyadd command can be issued on all switches for SCC and DCC policies as long as fabric-wide consistency policy is not set for the particular policy. Do not add the WWNs of front or translate (xlate) domains to the FCS policy if the edge fabric is connected to an FC Router. Operands This command has the following operands: "name" Specify the name of an existing policy to which you want to add members. Valid values for this operand are: • DCC_POLICY_nnn • FCS_POLICY • SCC_POLICY The specified policy name must be capitalized. The DCC_POLICY_nnn name has the common prefix DCC_POLICY_ followed by a string of user-defined characters. These characters do not have to be capitalized like regular policy names, but they are case sensitive. NOTE Back-up FCS switches typically cannot modify the policy. However, if Primary FCS switch in the policy list is not reachable, then a back-up FCS switch is allowed to modify the policy. If all the reachable back-up FCS switches are running pre-v5.3.0 versions of Fabric OS, a non-FCS v5.3.0 switch will be allowed to modify the policy so that new switch can be added to the policy. "member" Fabric OS Command Reference 53-1000599-01 Specify a list of member switches for the security policy. The members must be enclosed in quotation marks and separated by semicolons. Depending on the policy type, members can be specified using IP address, WWN, domain, switch name, or other. WWN Member Policy Types The following policy types require members be specified by WWN address: • FCS_POLICY • SCC_POLICY 553

Section	Page
Contents	5
About This Document	17
How This Document Is Organized	17
Supported Hardware and Software	17
What’s New in This Document	18
Platform-based commands	20
Chassis-based commands	21
Document Conventions	21
Text Formatting	21
Command Syntax conventions	21
Notes, cautions, and warnings	22
Key terms	22
Additional Information	23
Brocade Resources	23
Other industry resources	23
Optional Brocade Features	23
Getting Technical Help	24
Document Feedback	25
Using Fabric OS Commands	27
Understanding Role-Based Access Control	27
Understanding Admin Domain Restrictions	28
Using the Command Line Interface	28
Fabric OS Commands	31
aaaConfig	31
ad	35
ag	45
agshow	54
aliAdd	56
aliCreate	57
aliDelete	58
aliRemove	59
aliShow	60
aptPolicy	61
auditCfg	63
authUtil	64
bannerSet	67
bannerShow	68
bcastShow	69
bladeBeacon	70
bladeDisable	71
bladeEnable	72
burninErrClear	74
burninErrShow	75
burninLevel	76
burninStatus	77
cfgActvShow	78
cfgAdd	79
cfgClear	80
cfgCreate	81
cfgDelete	82
cfgDisable	83
cfgEnable	84
cfgMcdtmode	85
cfgRemove	86
cfgSave	87
cfgSaveActiveToDefined	88
cfgShow	89
cfgSize	91
cfgTransAbort	92
cfgTransShow	93
chassisConfig	94
chassisName	96
chassisShow	97
cliHistory	99
configDefault	100
configDownload	101
configList	105
configRemove	106
configShow	107
configUpload	109
configure	112
dataTypeShow	119
date	120
dbgShow	122
defZone	123
diagClearError	125
diagDisablePost	126
diagEnablePost	127
diagEnv	128
diagFailLimit	130
diagHelp	131
diagPost	132
diagRetry	133
diagSetBurnin	134
diagSetCycle	135
diagShow	136
diagSkipTests	137
diagStatus	138
diagStopBurnin	139
dbgShow	140
distribute	141
dlsReset	143
dlsSet	144
dlsShow	145
dnsConfig	146
enclosureShow	147
errClear	148
errDelimiterSet	149
errDump	150
errFilterSet	151
errModuleShow	152
errShow	153
exit	154
fabPortShow	155
fabRetryShow	158
fabricLog	159
fabricPrincipal	161
fabricShow	162
fabStateClear	164
fabStateResize	165
fabStateShow	166
fabStatsShow	167
fabSwitchShow	169
fanDisable	170
fanEnable	171
fanShow	172
fastboot	173
fastwritecfg	174
fazoneAdd	176
fazoneCreate	177
fazoneDelete	179
fazoneRemove	180
fazoneShow	181
fcipChipTest	182
fcipPathTest	184
fcLunQuery	186
fcPing	187
fcpLogClear	189
fcpLogDisable	190
fcpLogEnable	191
fcpLogShow	192
fcpProbeShow	193
fcpRlsShow	194
fcrBcastConfig	195
fcrChipTest	196
fcrConfigure	198
fcrFabricShow	199
fcrLsanCount	201
fcrLsanMatrix	202
fcrPathTest	205
fcrPhyDevShow	207
fcrProxyConfig	209
fcrProxyDevShow	211
fcrResourceShow	213
fcrRouterPortCost	215
fcrRouteShow	217
fcrXlateConfig	218
fddCfg	220
fdmiCacheShow	222
fdmiShow	223
ficonClear	224
ficonCupSet	225
ficonCupShow	226
ficonHelp	227
ficonShow	228
fipsConfig	234
firmwareCommit	236
firmwareDownload	237
firmwareDownloadStatus	242
firmwareKeyShow	245
firmwareRestore	246
firmwareShow	247
firmwareKeyUpdate	248
fosConfig	250
fruReplace	252
fspfShow	253
fwAlarmsFilterSet	255
fwAlarmsFilterShow	256
fwClassInit	257
fwConfigReload	258
fwConfigure	259
fwFruCfg	264
fwHelp	265
fwMailCfg	266
fwPortDetailShow	268
fwSamShow	271
fwSet	272
fwSetToCustom	273
fwSetToDefault	274
fwShow	275
h	278
haDisable	279
haDump	280
haEnable	282
haFailover	283
haShow	284
haSyncStart	286
haSyncStop	287
help	288
historyLastShow	289
historyMode	290
historyShow	291
httpCfgShow	293
i	294
ifModeSet	296
ifModeShow	298
interfaceShow	299
interopMode	303
iodReset	306
iodSet	307
iodShow	308
ipAddrSet	309
ipAddrShow	312
ipfilter	313
iscsiCfg	316
iscsiChipTest	324
iscsiHelp	325
iscsiPathTest	327
iscsiPortCfg	328
iscsiSessionCfg	331
iscsiSwCfg	333
islShow	334
isnscCfg	335
itemList	337
killTelnet	339
licenseAdd	340
licenseHelp	341
licenseIdShow	342
licensePort	343
licenseRemove	345
licenseShow	346
linkCost	347
login	349
logout	350
lsanZoneShow	351
lsDbShow	353
memShow	356
miniCycle	357
minisPropShow	362
msCapabilityShow	363
msConfigure	364
msPlatShow	366
msPlatShowDBCB	367
msPlClearDB	368
msPlMgmtActivate	369
msPlMgmtDeactivate	370
msTdDisable	371
msTdEnable	372
msTdReadConfig	373
myId	374
nbrStateShow	375
nbrStatsClear	376
nodeFind	378
nsAliasShow	380
nsAllShow	383
nsCamShow	384
nsShow	386
nsZoneMember	389
passwd	392
passwdCfg	395
pathInfo	400
pdShow	405
perfAddEEMonitor	406
perfAddIPMonitor	408
perfAddReadMonitor	409
perfAddRWMonitor	410
perfAddSCSIMonitor	411
perfAddUserMonitor	412
perfAddWriteMonitor	414
perfCfgClear	415
perfCfgRestore	416
perfCfgSave	417
perfClearAlpaCrc	418
perfClearFilterMonitor	419
perfDelEEMonitor	420
perfDelFilterMonitor	421
perfHelp	422
perfMonitorClear	423
perfMonitorShow	425
perfSetPortEEMask	429
perfShowAlpaCrc	431
perfShowEEMonitor	432
PerfTTmon	434
pkiCreate	437
pkiRemove	438
pkiShow	439
policy	440
portAlpaShow	443
portBufferShow	444
portCamShow	446
portCfg	448
portCfgAlpa	461
portCfgDefault	462
portCfgEPort	463
portCfgEXPort	464
portCfgGPort	467
portCfgISLMode	468
portCfgLongDistance	470
portCfgLPort	473
portCfgNPort	475
portCfgNPIVPort	476
portCfgPersistentDisable	478
portCfgPersistentEnable	479
PortCfgQos	480
portCfgShow	482
portCfgSpeed	488
portCfgTrunkPort	489
portCfgVEXPort	490
portCmd	493
portDebug	497
portDisable	498
portEnable	499
portErrShow	500
portFlagsShow	501
portLedTest	502
portLogClear	503
portLogConfigShow	504
portLogDisable	505
portLogDump	506
portLogDumpPort	507
portLogEnable	508
portLogEventShow	509
portLoginShow	510
portLogPdisc	511
portLogReset	512
portLogResize	513
portLogShow	514
portLogShowPort	519
portLogTypeDisable	520
portLogTypeEnable	521
portLoopbackTest	522
portMirror	525
portName	528
portPerfShow	529
portRouteShow	530
portShow	532
portStats64Show	545
portStatsClear	548
portStatsShow	549
portSwap	553
portSwapDisable	554
portSwapEnable	555
portSwapShow	556
portTest	557
portTestShow	559
portZoneShow	560
powerOffListSet	561
powerOffListShow	563
psShow	564
reboot	565
routeHelp	566
secActiveSize	567
secAuthSecret	568
secCertUtil	570
secDefineSize	573
secGlobalShow	574
secHelp	576
secPolicyAbort	577
secPolicyActivate	578
secPolicyAdd	579
secPolicyCreate	581
secPolicyDelete	584
secPolicyDump	585
secPolicyFCSMove	586
secPolicyRemove	587
secPolicySave	589
secPolicyShow	590
secStatsReset	592
secStatsShow	594
sensorShow	596
setDbg	597
setGbicMode	598
setMediaMode	599
setModem	600
setSfpMode	602
setVerbose	603
sfpShow	604
shellFlowControlDisable	608
shellFlowControlEnable	609
slotPowerOff	610
slotPowerOn	611
slotShow	612
slTest	615
snmpConfig	617
spinFab	624
statsClear	627
stopPortTest	628
supportFfdc	629
supportFtp	630
supportSave	632
supportShow	636
supportShowCfgDisable	641
supportShowCfgEnable	642
supportShowCfgShow	643
switchBeacon	644
switchCfgPersistentDisable	645
switchCfgPersistentEnable	646
switchCfgSpeed	647
switchCfgTrunk	648
switchDisable	649
switchEnable	650
switchName	651
switchReboot	652
switchShow	653
switchStatusPolicySet	658
switchStatusPolicyShow	660
switchStatusShow	662
switchUptime	664
switchViolation	665
syslogdFacility	666
syslogdIpAdd	667
syslogdIpRemove	668
syslogdIpShow	669
sysShutDown	670
systemVerification	672
tempShow	674
timeOut	675
topologyShow	676
traceDump	678
trackChangesHelp	679
trackChangesSet	680
trackChangesShow	681
trunkDebug	682
trunkShow	683
tsClockServer	685
tsTimeZone	687
turboRamTest	690
upTime	691
uRouteConfig	692
uRouteRemove	693
uRouteShow	694
usbStorage	696
userConfig	698
userRename	702
version	703
wwn	704
zone	705
zoneAdd	711
zoneCreate	712
zoneDelete	714
zoneHelp	715
zoneObjectCopy	716
zoneObjectExpunge	717
zoneObjectRename	718
zoneRemove	719
zoneShow	720
Primary FCS Commands	721
Primary FCS Commands	721
Control Processor Commands	723
Commands Supported on the Standby CP	723
Command Availability	725
Command Validation Checks	725
Command RBAC Permissions and AD Types	726

Match case Limit results 1 per page

Fabric OS Command Reference

553

53-1000599-01

secPolicyAdd

Adds members to an existing security policy.

Synopsis

secpolicyadd “

name”

, “

member

[

;

member

...]”

Description

Use this command to add

member

to an existing access policy. The new members must not already

be members within the policy or the command fails.

Each policy corresponds to a management method. The list of members of a policy acts as an

access control list for that management method. Before a policy is created, there is no

enforcement for that management method; all access is granted. After a policy has been created

and a member has been added to the policy, that policy becomes closed to all access except from

included members. If all members are then deleted from the policy, all access is denied for that

management method (the DCC_POLICY is an exception).

Notes

When FCS Policy is enabled, this command can be issued only from the Primary FCS switch. The

secpolicyadd

command can be issued on all switches for SCC and DCC policies as long as

fabric-wide consistency policy is not set for the particular policy.

Do not add the WWNs of front or translate (xlate) domains to the FCS policy if the edge fabric is

connected to an FC Router.

Operands

This command has the following operands:

“

name

”

Specify the name of an existing policy to which you want to add members

Valid values for this operand are:

•

DCC_POLICY_

nnn

•

FCS_POLICY

•

SCC_POLICY

The specified policy name must be capitalized.

The DCC_POLICY_

nnn

name has the common prefix DCC_POLICY_ followed

by a string of user-defined characters. These characters do not have to be

capitalized like regular policy names, but they are case sensitive.

NOTE

Back-up FCS switches typically cannot modify the policy. However, if Primary FCS switch in the policy

list is not reachable, then a back-up FCS switch is allowed to modify the policy. If all the reachable

back-up FCS switches are running pre-v5.3.0 versions of Fabric OS, a non-FCS v5.3.0 switch will be

allowed to modify the policy so that new switch can be added to the policy.

“

member

”

Specify a list of member switches for the security policy. The members must

be enclosed in quotation marks and separated by semicolons. Depending on

the policy type, members can be specified using IP address, WWN, domain,

switch name, or other.

WWN Member Policy Types

The following policy types require members be specified by WWN address:

•

FCS_POLICY

•

SCC_POLICY