HP StorageWorks 8/80 HP StorageWorks Fabric OS 6.2 administrator guide (5697-0 - Page 144

ACL policy distribution to other switches This section explains how to manually distribute local ACL policy databases. The distribute command has the following dependencies: • All target switches must be running Fabric OS 5.2.0 or later. • All target switches must accept the database distribution (see "Database distribution settings" on page 140). • The fabric must have a tolerant or no (absent) fabric-wide consistency policy (see "Fabric-wide enforcement" on page 142). If the fabric-wide consistency policy for a database is strict, the database cannot be manually distributed. When you set a strict fabric-wide consistency policy for a database, the distribution mechanism is automatically invoked whenever the database changes. • The local distribution setting must be accepted. To be able to initiate the distribute command, set the local distribution to accept. Table 36 describes how the target switch database distribution settings affect the distribution. Table 36 ACL policy database distribution behavior Target switch Distribution Results Fabric OS Database version setting 5.1.0 or NA Fails earlier 5.2.0 Reject Fails An error is returned. The entire transaction is aborted and no databases are updated. The target switch explicitly refuses the distribution. The entire transaction is aborted and no databases are updated. Accept Succeeds The target switch accepts the distribution. Distributing the local ACL policies 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the following command: distribute -p -d where: database_id A semicolon-separated list of the local databases to be distributed: SCC, DCC, or both. switch_list A semicolon-separated list of switch Domain IDs, switch names, or switch WWN addresses of the target switches that will receive the distribution. Use an asterisk (*) to distribute the database to all Fabric OS 5.2.0 and later switches in the fabric. For example, entering the command distribute -p SCC -d "*" distributes the SCC policy to all 5.2.0 and later switches in the fabric. Fabric-wide enforcement The fabric-wide consistency policy enforcement setting determines the distribution behavior when changes to a policy are activated. Using the tolerant or strict fabric-wide consistency policy ensures that changes to local ACL policy databases are automatically distributed to other switches in the fabric. When you set the fabric-wide consistency policy using the fddCfg command with the --fabwideset option, both the fabric-wide consistency policy and specified database are distributed to the fabric.The active policies of the specified databases overwrite the corresponding active and defined policies on the target switches. Policy changes that are saved but not activated are stored locally until a policy database change is activated. Activating a policy automatically distributes the Active policy set for that policy type (SCC, DCC, or both) to the other switches in the fabric. 142 Configuring advanced security features