HP StorageWorks 8/80 HP StorageWorks Fabric OS 6.2 administrator guide (5697-0 - Page 504

Preparing a switch for FICON To verify and prepare a switch for use in a FICON environment, complete the following steps. 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the switchShow command to verify that the switch and devices are online. 3. Change the routing policy on the switch from the default exchange-based policy to the required port-based policy for those switches with FICON devices directly attached using the aptPolicy command when working from the command line. For GUI-based procedures, see the Web Tools Administrator's Guide for configuring the routing policy using the FICON tab in WebTools. 4. Enter the ficonShow rnid command to verify that the FICON devices are registered with the switch. 5. Enter the ficonShow lirr command to verify that the FICON host channels are registered to listen for link incidents. See "FICON CUP" on page 503 for details about using FICON CUP. Single switch configuration Single-switch configuration does not require IDID or fabric binding, provided that connected channels are configured for single-byte addressing. However, you should configure IDID to ensure that domain IDs are maintained. Configuring a high-integrity fabric Perform the following steps to configure a high-integrity fabric for a cascaded configuration. 1. Disable each switch in the fabric. 2. For each switch: a. Enable the IDID flag. b. Set the domain ID. 3. Enable the switches; this builds the fabric. 4. Set the SCC policy, as described in Chapter 4, "Configuring advanced security features" on page 117. 5. Configure the Switch Connection Control policies on all switches to limit connectivity only to the switches in the selected fabric using the secPolicyCreate command. switch:admin> secPolicyCreate SCC_POLICY, member;...;member where: member indicates a switch that is permitted to join the fabric. Specify switches by WWN, domain ID, or switch name. Enter an asterisk (*) to indicate all the switches in the fabric. To create a policy that includes all the switches in the fabric, enter the following: switch:admin> secPolicyCreate SCC_POLICY "*" 6. Save or activate the new policy, enter either the secPolicySave or the secPolicyActivate command. If neither of these commands is entered, the changes are lost when the session is logged out. To activate the SCC policy: switch:admin> secPolicyActivate 7. Enable ACL Fabric Wide Consistency Policy and enforce a strict SCC policy switch:admin> fddcfg --fabwideset "SCC:S" 8. Connect and enable channel and control unit (CU) devices. The Query for Security Attributes (QSA) response to the channel indicates that the fabric binding and IDID are enabled. Figure 84 and Figure 85 show two viable cascaded configurations. These configurations require Channel A to be configured for two-byte addressing and require IDID and fabric binding. HP recommends that there are only 2 domains in a path from a FICON Channel interface to a FICON Control Unit interface. 500 FICON fabrics