Home » HP Manuals » Storage Devices » HP StorageWorks MSA 2/8 » Manual Viewer

HP StorageWorks MSA 2/8 HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 59

Table 3: Valid Methods for Specifying Policy Members, Creating a MAC Policy

View all HP StorageWorks MSA 2/8 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 59 highlights

Creating Secure Fabric OS Policies Table 3: Valid Methods for Specifying Policy Members Policy Name FCS_POLICY MAC Policies RSNMP_POLICY WSNMP_POLICY TELNET_POLICY HTTP_POLICY API_POLICY MS_POLICY SERIAL_POLICY FRONTPANEL_POLICY OPTIONS_POLICY DCC_POLICY_nnn SCC_POLICY IP Address Device Port WWN Switch Domain Switch WWN IDs Names No No Yes Yes Yes No No No No No Yes No No No No Yes No No No No Yes No No No No Yes No No No No Yes No No No No No Yes No No No No No Yes Yes Yes No No Yes Yes Yes For information about valid input, see "Creating an Options Policy" on page 70. No Yes Yes Yes Yes No No Yes Yes Yes Note: If IP addresses are used, you can use "0" in an octet to indicate that any number can be matched for that octet. For example, 192.168.11.0 would allow access for all IP devices in the network 192.168.11. If Domain IDs or switch names are used, the corresponding switches must be in the fabric for the command to succeed. Creating a MAC Policy You can create MAC policies to restrict the following management access to the fabric: ■ Access by hosts using SNMP, telnet/sectelnet/SSH, HTTP, or API ■ Access by device ports using Management Server ■ Access through switch serial ports and front panels Secure Fabric OS Version 1.0 User Guide 59

Section	Page
Contents	3
About this Guide	7
Overview	8
Intended Audience	8
Related Documentation	8
Conventions	9
Document Conventions	9
Table 1: Document Conventions	9
Text Symbols	9
Getting Help	11
HP Technical Support	11
HP Storage Website	11
HP Authorized Reseller	11
Introducing Secure Fabric OS	13
Security of Management Channels	14
Secure Shell	14
Sectelnet	15
Telnet	15
Switch-to-Switch Authentication Using PKI	16
Fabric Configuration Server Switches	17
Fabric Management Policy Set	19
Available Secure Fabric OS Policies	19
Adding Secure Fabric OS to the Fabric	21
Adding Secure Fabric OS to the Fabric	22
Identifying the Current Version of Fabric OS	23
Adding Secure Fabric OS to Switches Shipped with Fabric OS v3.1.x or v4.1.x	24
Customizing the Account Passwords	24
Verifying or Activating the Secure Fabric OS and Zoning Licenses	25
Adding Secure Fabric OS to Switches that Require Upgrading	27
Upgrading to a Compatible Version of Fabric OS	28
Customizing the Account Passwords	29
Verifying or Activating the Secure Fabric OS and Zoning Licenses	30
Installing the PKICERT Utility	30
Using the PKICERT Utility to Obtain the CSR File	31
Obtaining the Digital Certificate File	34
Distributing Digital Certificates to the Switches	35
Verifying Installation of the Digital Certificates	38
Re-creating PKI Objects If Required	39
Adding Secure Fabric OS to a Core Switch 2/64	41
Installing a Supported CLI Client on a Computer Workstation	45
Creating Secure Fabric OS Policies	47
Default Fabric and Switch Accessibility	48
Enabling Secure Mode	49
Modifying the FCS Policy	54
Table 2: FCS Policy States	54
Changing the Position of a Switch Within the FCS Policy	55
Failing over the Primary FCS Switch	56
Creating Secure Fabric OS Policies Other Than the FCS Policy	58
Table 3: Valid Methods for Specifying Policy Members	59
Creating a MAC Policy	59
Creating an SNMP Policy	60
Table 4: Read and Write Behaviors of SNMP Policies (Continued)	60
Telnet Policy	62
Table 5: Telnet Policy States	63
HTTP Policy	64
Table 6: HTTP Policy States	64
API Policy	65
Table 7: API Policy States	65
Management Server Policy	66
Table 8: Management Server Policy States	66
Serial Port Policy	67
Table 9: Serial Port Policy States	67
Front Panel Policy	68
Table 10: Front Panel Policy States	69
Creating an Options Policy	70
Table 11: Options Policy States	70
Creating a DCC Policy	71
Table 12: DCC Policy States	72
Creating an SCC Policy	74
Table 13: SCC Policy States	74
Managing Secure Fabric OS Policies	76
Saving Changes to Secure Fabric OS Policies	77
Activating Changes to Secure Fabric OS Policies	77
Adding a Member to an Existing Policy	78
Removing a Member from a Policy	79
Deleting a Policy	80
Aborting All Uncommitted Changes	80
Aborting a Secure Fabric OS Transaction	81
Managing Secure Fabric OS	83
Viewing Secure Fabric OS-Related Information	84
Displaying General Secure Fabric OS Information About a Fabric	84
Viewing the Secure Fabric OS Policy Database	85
Displaying Individual Secure Fabric OS Policies	86
Displaying Status of Secure Mode	88
Table 14: Secure Mode Information	88
Displaying and Resetting Secure Fabric OS Statistics	90
Table 15: Secure Fabric OS Statistics (Continued)	90
Displaying Secure Fabric OS Statistics	91
Resetting Secure Fabric OS Statistics	92
Managing Passwords	94
Table 16: Login Account Behavior with Secure Mode Disabled and Enabled	95
Modifying Passwords in Secure Mode	96
Modifying the FCS Switch Passwords or the Fabric-wide User Password	96
Modifying the Non-FCS Switch Admin Password	97
Using Temporary Passwords	97
Creating a Temporary Password for a Switch	98
Removing a Temporary Password from a Switch	99
Resetting the Version Number and Time Stamp	100
Adding Switches and Merging Secure Fabrics	101
Table 17: Moving Switches Between Fabrics	102
Troubleshooting	106
Table 18: Recovery Processes (Continued)	106
Frequently Asked Questions	108
General	108
Management Access	109
Digital Certificates and PKI Objects	110
Merging Fabrics	111
Passwords	111
Secure Fabric OS Commands and Secure Mode Restrictions	113
Secure Fabric OS Commands	114
Table 19: Secure Fabric OS Commands	114
Command Restrictions in Secure Mode	117
Secure Fabric OS Commands	117
Table 20: Secure Fabric OS Commands Executable on Specific Switches When Secure Mode Is Enabled	117
Zoning Commands	118
Table 21: Zoning Commands Executable on the Primary FCS Switch	118
Miscellaneous Commands	119
Table 22: Miscellaneous Commands Executable on Specific Switches	119
Removing Secure Fabric OS Capability	121
Preparing the Fabric for Removal of Secure Fabric OS Policies	122
Disabling Secure Mode	123
Deactivating the Secure Fabric OS License on Each Switch	125
Uninstalling Related Items from the Host	126