HP StorageWorks MSA 2/8 HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 66

Creating Secure Fabric OS Policies 3. To save or activate the new policy, enter the secpolicysave or the secpolicyactivate command. If neither of these commands are entered, the changes are lost when you log out. For more information about these commands, see "Saving Changes to Secure Fabric OS Policies" on page 77 and "Activating Changes to Secure Fabric OS Policies" on page 77. Example, creating an API policy to allow anyone on a network "192.168.5.0/24" to establish an API connection to any switch in the fabric: primaryfcs:admin> secPolicyCreate "API_POLICY", "192.168.5.0" API_POLICY has been created. primaryfcs:admin> Management Server Policy You can create the Management Server policy to restrict management server access to specified devices. Fabric configuration and control functions can be performed only by requesters that are directly connected to the Primary FCS switch. The policy is named MS_POLICY and contains a list of device port WWNs for which the management server implementation in Fabric OS (designed according to FC-GS-3 standard) accepts and acts on requests. The possible Management Server policy states are shown in Table 8. Table 8: Management Server Policy States Policy State No policy Policy with no entries Policy with entries Characteristics All devices can access the management server. No devices can access the management server. Specified devices can access the management server. To create a Management Server policy: 1. From a sectelnet or SSH session, log into the Primary FCS switch as Admin. 2. Enter the following: secpolicycreate policy_name, "member;...;member" Where: ■ policy_name is MS_POLICY. ■ member is a device WWN. 66 Secure Fabric OS Version 1.0 User Guide