HP StorageWorks 8/80 Brocade Access Gateway Administrator's Guide v6.2.0 (53-1 - Page 46

Enabling the DCC policy on trunk, Configuration management for trunk areas



28 Access Gateway Administrator's Guide 53-1001189-01
2 Configuration management for trunk areas

Enabling the DCC policy on trunk

1. After you assign a Trunk Area, the porttrunkarea CLI checks whether there are any active DCC policies on the port with the index TA, and then issues a warning to add all the device WWNs to the existing DCC policy with index as TA. All DCC policies that refer to an Index that no longer exists will not be in effect.
2. Add the WWN of all the devices to the DCC policy against the TA.
3. Issue the secpolicyactivate command to activate the DCC policy. You must enable the TA before issuing the secpolicyactivate command in order for security to enforce the DCC policy on the trunk ports.
4. Turn on the trunk ports. Trunk ports should be turned on after issuing the secpolicyactivate command to prevent the ports from becoming disabled in the case where there is a DCC security policy violation.

Configuration management for trunk areas

Ports from different ADs are not allowed to join the same Trunk Area group. The porttrunkarea command prevents ports from different ADs from joining the TA group.

When you assign a TA, the ports within the TA group will have the same Index. The Index that was originally assigned to each of those ports is no longer part of the switch. Any Domain,Index (D,I) AD member that was assumed to be part of the domain may no longer exist for that domain because it was removed from the switch.

Example: How Trunk Area assignment affects the port Domain,Index

If you have AD1: 3,7; 3,8; 4,13; 4,14 and AD2: 3,9; 3,10, and then create a TA with Index 8 with ports that have index 7, 8, 9, and 10, then index 7, 9, and 10 are no longer with domain 3. This means that AD2 does not have access to any ports because index 9 and 10 no longer exist on domain 3. This also means that AD1 no longer has 3,7 in effect because Index 7 no longer exists for domain 3. AD1's 3,8, which is the TA group, can still be seen by AD1 along with 4,13 and 4,14.

A port within a TA can be removed, but this adds the Index back to the switch. For example, the same AD1 and AD2 with TA 8 holds true. If you remove port 7 from the TA, it adds Index 7 back to the switch. That means AD1's 3,7 can be seen by AD1 along with 3,8; 4,13 and 4,14.
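
The Domain,Index example above, worked as an added Python sketch (not code from the guide or from Fabric OS): it models only the index bookkeeping the text describes, so an administrator can see which AD members stop being in effect before assigning a TA. The function names are illustrative, and it assumes a port's number equals its original Index.

```python
"""Model of how a Trunk Area (TA) changes which Domain,Index (D,I) AD members stay in effect."""

# Constructed sample: the AD membership used in the guide's example.
SAMPLE_ADS = {
    "AD1": {(3, 7), (3, 8), (4, 13), (4, 14)},
    "AD2": {(3, 9), (3, 10)},
}


def ta_impact(ads, domain, ta_index, ta_ports):
    """Split each AD's D,I members into those still in effect and those dropped.

    Assumption: a port's number equals its original Index, as in the guide's example.
    """
    # Every port in the TA group takes the TA index, so the other indices
    # stop existing on that domain.
    gone = {(domain, idx) for idx in ta_ports if idx != ta_index}
    return {
        name: {"effective": set(members) - gone, "dropped": set(members) & gone}
        for name, members in ads.items()
    }


def ads_without_access(impact):
    """ADs left with no effective member after the TA is assigned."""
    return sorted(name for name, r in impact.items() if not r["effective"])


def ads_in_ta(ads, domain, ta_ports):
    """ADs owning at least one port of the planned TA group (more than one needs review)."""
    ports = {(domain, idx) for idx in ta_ports}
    return sorted(name for name, members in ads.items() if set(members) & ports)


if __name__ == "__main__":
    before = ta_impact(SAMPLE_ADS, domain=3, ta_index=8, ta_ports={7, 8, 9, 10})
    for ad, r in sorted(before.items()):
        print(ad, "effective:", sorted(r["effective"]), "dropped:", sorted(r["dropped"]))
    print("no access:", ads_without_access(before))
    # Removing port 7 from the TA adds Index 7 back to the switch.
    after = ta_impact(SAMPLE_ADS, domain=3, ta_index=8, ta_ports={8, 9, 10})
    print("AD1 after removing port 7:", sorted(after["AD1"]["effective"]))
```
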

Enabling Access Gateway trunking

1. Disable ports 36 - 39 by executing portdisable port for each port to be included in the TA.
2. Enable Trunk Area for ports 36 - 39 with area number 37:

    switch:admin> porttrunkarea --enable 36-39 -index 37
    Trunk area 37 enabled for ports 36, 37, 38 and 39.

3. Re-enable ports 36-39 by executing portenable port for each port in the TA.
4. Show switch/port information:

    switch:admin> switchshow
    switchName: SPIRIT_B4_01