HP StorageWorks 8/80 Brocade Fabric OS Command Reference Guide v6.1.0 (53-1000 - Page 598
secPolicyCreate, Connection Control DCC
View all HP StorageWorks 8/80 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 598 highlights
2 secPolicyCreate secPolicyCreate Creates a new security policy. Synopsis secpolicycreate "name" [, "member[;member...]"] Description Use this command to create a new policy and to edit Switch Connection Control (SCC), Device Connection Control (DCC), and Fabric Configuration Server (FCS) policies on the local switch. All policies can be created only once, except for the DCC_POLICY_nnn. Each DCC_POLICY_nnn must have a unique name. This command can be issued on all switches in the current fabric for SCC and DCC policies if they are not intended to be fabric-wide. Adding members while creating a policy is optional. You can add members to a policy later, using the secPolicyAdd command. Each policy corresponds to a management method. The list of members of a policy acts as an access control list for that management method. Before a policy is created, there is no enforcement for that management method, which is all access is granted. After a policy is created and a member is added to the policy, that policy is closed to all access except to included members. If all members are then deleted from the policy, all access is denied for that management access method. All newly created policies are saved on the local switch only, unless the switch has a fabric-wide consistency policy for that policy. Notes When FCS Policy is enabled, this command can be issued only from the Primary FCS switch. The execution of this command is subject to Admin Domain restrictions that may be in place. Refer to chapter 1, "Understanding Admin Domain Restrictions" and Appendix A, "Command Availability" for details. Operands This command has the following operands: "name" Specify the name of the policy you want to create. Valid values for this operand are: • DCC_POLICY_nnn • SCC_POLICY • FCS_POLICY The specified policy name must be capitalized. The DCC_POLICY_nnn name has the common prefix DCC_POLICY_ followed by a string of user-defined characters. These characters do not have to be capitalized like regular policy names. Valid values for DCC_POLICY_nnn are user-defined alphanumeric or underscore characters. The maximum length is 30 characters, including the prefix DCC_POLICY_. secpolicycreate DCC_POLICY "*" may be used to indicate DCC lockdown. This command creates a unique policy for each port in the fabric locking it down to the device connected or creating an empty policy to disallow any device to be connected to it. This can be done only when there are no other DCC policies defined on the switch. 572 Fabric OS Command Reference 53-1000599-02