HP StorageWorks 8/80 HP StorageWorks Fabric OS 6.1.x administrator guide (5697 - Page 161

If you specify AD name = "AD15" and the lowest available AD number is 6, then AD name is "AD15" and AD number is 15. Because the specified name is in the format "ADn", the AD number is assigned to be n and not the lowest available AD number. The Admin Domain name cannot exceed 63 characters and can contain alphabetic and numeric characters. The only special character allowed is an underscore ( _ ). When you create an Admin Domain, you must specify at least one member (switch, switch port, or device). You cannot create an empty Admin Domain. For more information about these member types, see "Admin Domain member types" on page 156. You create Admin Domains in the transaction buffer using the ad --create command. You can either save the newly created Admin Domain to a defined configuration (using ad --save) or make it the effective Admin Domain configuration directly (using ad --apply). The following procedures describe the steps for creating Admin Domains and include examples. To create an Admin Domain: 1. Log in as the physical fabric administrator to an AD-aware switch in the fabric. 2. Set the default zone mode to No Access, if you have not already done so. See "To set the default zone mode:" on page 160 for instructions. 3. Switch to the AD255 context, if you are not already in that context: ad --select 255 4. Enter the ad --create command using the -d option to specify device and switch port members and the -s option to specify switch members: ad --create ad_id -d "dev_list" -s "switch_list" where ad_id is the Admin Domain name or number, dev_list is a list of device WWNs or domain,port members, and switch_list is a list of switch WWNs or Domain IDs. 5. To end the transaction now, enter ad --save to save the Admin Domain definition or enter ad --apply to save the Admin Domain definition and directly apply the definitions to the fabric. The following example creates Admin Domain AD1, consisting of two switches, which are designated by Domain ID and switch WWN. sw5:AD255:admin> ad --create AD1 -s "97; 10:00:00:60:69:80:59:13" The following example creates Admin Domain "blue_ad," consisting of two switch ports (designated by domain,port), one device (designated by device WWN), and two switches (designated by Domain ID and switch WWN). sw5:AD255:admin> ad --create blue_ad -d "100,5; 1,3; 21:00:00:e0:8b:05:4d:05; -s "97; 10:00:00:60:69:80:59:13" Assigning a user to an Admin Domain After you create an Admin Domain, you can specify one or more user accounts as the valid accounts who can use that Admin Domain. You create these user accounts using the userConfig command. User accounts have the following characteristics with regard to Admin Domains: • A user account can only have a single role. You can choose roles from one of the seven types of roles, either the existing user and administrator role or one of the other RBAC roles. • You can configure a user account to have access to the physical fabric through AD255 and to a list of Admin Domains (AD0-AD254). • You can configure a user account to have access to only a subset of your own Admin Domain list. Only a physical fabric administrator can create another physical fabric administrator user account. • Users capable of using multiple Admin Domains, can designate one of these Admin Domains as the home Admin Domain, which is the default Admin Domain context after login. • If you do not specify one, the home Admin Domain is the lowest valid Admin Domain in the numerically-sorted AD list. • Users can log in to their Admin Domains and create their own Admin Domain-specific zones and zone configurations. Fabric OS 6.1.x administrator guide 161