HP StorageWorks MSA 2/8 HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 65

Creating Secure Fabric OS Policies Example, creating an HTTP policy to allow anyone on a network "192.168.5.0/24" to establish an HTTP connection to any switch in the fabric: primaryfcs:admin> secPolicyCreate "HTTP_POLICY", "192.168.5.0" HTTP_POLICY has been created. primaryfcs:admin> API Policy The API policy can be used to specify which workstations can use API to access the fabric and to limit write access to the Primary FCS. The policy is named API_POLICY and contains a list of the IP addresses that are allowed to establish an API connection to switches in the fabric. The possible API policy states are shown in Table 7. Table 7: API Policy States Policy State No policy Policy with no entries Policy with entries Characteristics All workstations can establish an API connection to any switch in the fabric. No host can establish an API connection to any switch in the fabric. Only specified hosts can establish an API connection to any switch in the fabric, and write operations can only be performed on the Primary FCS switch. To create an API policy: 1. From a sectelnet or SSH session, log into the Primary FCS switch as Admin. 2. Enter the following: secpolicycreate policy_name, "member;...;member" Where: ■ policy_name is API_POLICY. ■ member is one or more IP addresses in dot-decimal notation. You can enter "0" in an octet to indicate that any number can be matched in that octet. Secure Fabric OS Version 1.0 User Guide 65