HP StorageWorks MSA 2/8 HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 60

Creating Secure Fabric OS Policies Note: Providing fabric access to proxy servers is strongly discouraged. When a proxy server is included in a MAC policy for IP-based management, such as the HTTP_POLICY, all IP packets leaving the proxy server appear to originate from the proxy server. This could result in allowing any hosts that have access to the proxy server to access the fabric. By default, all access is allowed; no MAC policies exist until they are created by the administrator. Creating an SNMP Policy You can create read and write SNMP policies to specify which SNMP hosts are allowed read and write access to the fabric. The SNMP hosts must be identified by IP address. ■ RSNMP_POLICY (read access) Only the specified SNMP hosts can perform read operations on the fabric. ■ WSNMP_POLICY (write access) Only the specified SNMP hosts can perform write operations to the fabric. Any host granted write permission by the WSNMP policy is automatically granted read permission by the RSNMP policy. Note: Once an SNMP policy is created, it must contain all members of the FCS policy, to ensure consistent read/write access to the Primary FCS switch. Table 4 lists the expected read and write behaviors resulting from combinations of the RSNMP and WSNMP policies. Table 4: Read and Write Behaviors of SNMP Policies RSNMP Policy Non-existent Non-existent Non-existent WSNMP Policy Non-existent Empty Host B in policy Read Result Any host can read Any host can read Any host can read Write Result Any host can write No host can write Only B can write 60 Secure Fabric OS Version 1.0 User Guide