HP StorageWorks MSA 2/8 HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 74

Creating Secure Fabric OS Policies Creating an SCC Policy You can create an SCC policy to manage which switches can join the fabric. Switches are checked against the policy each time: ■ Secure Mode is enabled. ■ The fabric is initialized with Secure Mode enabled. ■ An E_Port to E_Port connection is made. The policy is named SCC_POLICY, and can accept members listed as WWNs, Domain IDs, or switch names. You can only create one SCC policy. By default, any switch is allowed to join the fabric; the SCC policy does not exist until it is created by the administrator. Note: Once an SCC policy is created, it must list all the switches in the fabric to prevent switches from being segmented from the fabric. In particular, ensure that the SCC policy lists all the members of the FCS policy, to ensure consistent access to the Primary FCS switch. The possible SCC policy states are shown in Table 13. Table 13: SCC Policy States Policy State No policy Policy with no entries Policy with entries Characteristics All switches can be in the fabric. The SCC policy cannot be empty. The policy must contain all the FCS switches. The SCC policy must contain all the FCS switches but it can also contain additional switches. To create an SCC policy: 1. Log into the Primary FCS switch as Admin from a sectelnet or SSH session. 2. Enter the following: secpolicycreate SCC_POLICY, "member;...;member" Where member indicates a switch that you want to be able to join the fabric. Switches can be specified by WWN, Domain ID, or switch name. You can enter an asterisk (*) to indicate all switches in the fabric. 74 Secure Fabric OS Version 1.0 User Guide