Dell Brocade 6510 Access Gateway Administrator's Guide 7.1.0 - Page 27
Supported policy modes, Fabric OS Administrator's Guide, Fabric OS Command Reference - install guide
View all Dell Brocade 6510 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 27 highlights
Fabric OS features in Access Gateway mode 1 For details on installing FCAP certificates and creating DHCAP secrets on the switch in AG or native mode, refer to the Fabric OS Administrator's Guide or Fabric OS Command Reference. For general information on authentication, refer to the section on authentication policy for fabric elements in the Configuring Security Policies chapter of the Fabric OS Administrator's Guide. Supported policy modes The following switch and device policy modes are supported by Access Gateway: • On - Strict authentication will be enforced on all ports. The ports on the AG connected to the switch or device will disable if the connecting switch or device does not support authentication or the policy mode is set to off. During AG initialization, authentication initiates on all ports automatically. • Off - The AG switch does not support authentication and rejects any authentication negotiation request from the connected fabric switch or HBA. A fabric switch with the policy mode set to off should not be connected to an AG switch with policy mode set to on since the on policy is strict. This will disable the port if any switch rejects the authentication. You must configure DH-CHAP shared secrets or install FCAP certificates on the AG and connected fabric switch before switching from a policy off mode to policy on mode. Off is the default mode for both switch and device policy. • Passive - The AG does not initiate authentication when connected to a device, but participates in authentication if the connecting device initiates authentication. The AG will not initiate authentication on ports, but accepts incoming authentication requests. Authentication will not disable AG F_Ports if the connecting device does not support authentication or the policy mode is set to off. Passive mode is the safest mode to use for devices connected to an AG switch if the devices do not support authentication. To perform authentication with switch policy, the on and off policy modes are supported on the AG switch. To perform authentication with device policy, the on, off, and passive modes are supported on the AG switch. Table 2 on page 8 describes the authentication behavior between a sending AG switch and receiving fabric switch. Access Gateway Administrator's Guide 7 53-1002743-01