HP StorageWorks 8/80 HP StorageWorks Fabric OS 6.1.x administrator guide (5697 - Page 419

Preparing a switch To verify and prepare a switch for use in a FICON environment, complete the following steps: 1. Connect to the switch and log in as admin. 2. Enter the switchShow command to verify that the switch and devices are online. 3. Change the routing policy on the switch from the default exchange-based policy to the required port-based policy for those switches with FICON devices directly attached using the aptPolicy command when working from the command line. For GUI-based procedures, see the Web Tools Administrator's Guide for configuring the routing policy using the FICON tab in Web Tools. 4. Enter the ficonshow rnid command to verify that the FICON devices are registered with the switch. 5. Enter the ficonshow lirr command to verify that the FICON host channels are registered to listen for link incidents. 6. Optionally, see "Using FICON CUP" on page 422 for details about using FICON CUP. Configuring a single switch Single-switch configuration does not require IDID or fabric binding, provided that connected channels are configured for single-byte addressing. However, you should configure IDID to ensure that Domain IDs are maintained. Configuring a high-integrity fabric To configure a high-integrity fabric (cascaded configuration): 1. Disable each switch in the fabric. 2. For each switch: a. Enable the IDID flag. b. Set the Domain ID. 3. Enable the switches; this builds the fabric. 4. Set the SCC policy, as described in "Configuring advanced security features" on page 17. 5. Configure the Switch Connection Control policies on all switches to limit connectivity to only the switches in the selected fabric using the secPolicyCreate command. switch:admin> secPolicyCreate SCC_POLICY, member;...;member Where: member indicates a switch that is permitted to join the fabric. Specify switches by WWN, Domain ID, or switch name. Enter an asterisk (*) to indicate all the switches in the fabric. To create a policy that includes all the switches in the fabric: switch:admin> secPolicyCreate SCC_POLICY "*" 6. Save or activate the new policy, enter either the secPolicySave or the secPolicyActivate command. If neither of these commands is entered, the changes are lost when the session is logged out. To activate the SCC policy: switch:admin> secPolicyActivate 7. Enable ACL Fabric Wide Consistency Policy and enforce a strict SCC policy: switch:admin> fddcfg --fabwideset "SCC:S" 8. Connect and enable channel and control unit (CU) devices. The Query for Security Attributes (QSA) response to the channel indicates that the fabric binding and IDID are enabled. Fabric OS 6.1.x administrator guide 419