Dell Brocade G620 Brocade 8.0.1 Fabric OS Administrators Guide - Page 246
Configuring Security Policies

The enforcement of fabric-wide consistency policy involves comparison of the Active policy set.

If the ACL policies match, the switch joins the fabric successfully.

If the ACL policies are absent either on the switch or on the fabric, the switch joins the fabric successfully, and the ACL policies are copied automatically from where they are present to where they are absent. The Active policy set where it is present overwrites the Active and Defined policy set where it is absent.

If the ACL policies do not match, the switch cannot join the fabric and the neighboring E_Ports are disabled.

Use the fddCfg --fabwideset command on either this switch or the fabric to set a matching strict SCC, DCC, or FCS fabric-wide consistency policy. Use ACL policy commands to delete the conflicting ACL policy from one side to resolve the ACL policy conflict. If neither the fabric nor the joining switch is configured with a fabric-wide consistency policy, no ACL merge checks are required.

Under both conflicting conditions, secPolicyActivate is blocked in the merged fabric. Use the distribute command to explicitly resolve conflicting ACL policies.

The above descriptions also apply to joining two fabrics. In this context, the joining switch becomes a joining fabric.

Matching fabric-wide consistency policies

This section describes the interaction between the databases with active SCC and DCC policies and combinations of fabric-wide consistency policy settings when fabrics are merged.

For example, when Fabric A with SCC:S;DCC (strict SCC and tolerant DCC) joins Fabric B with SCC:S;DCC (strict SCC and tolerant DCC), the fabrics can merge as long as the SCC policies match, including the order SCC:S;DCC, and both are set to strict.

Table 52 describes the impact of merging fabrics with the same fabric-wide consistency policy that have SCC, DCC, or both policies.
TABLE 52 Merging fabrics with matching fabric-wide consistency policies

| Fabric-wide consistency policy | Fabric A ACL policies | Fabric B ACL policies | Merge results | Database copied |
|---|---|---|---|---|
| None | None | None | Succeeds | No ACL policies copied. |
| None | None | SCC/DCC | Succeeds | No ACL policies copied. |
| Tolerant | None | None | Succeeds | No ACL policies copied. |
| Tolerant | None | SCC/DCC | Succeeds | ACL policies are copied from B to A. |
| Tolerant | SCC/DCC | SCC/DCC | Succeeds | If A and B policies do not match, a warning displays and policy commands are disabled. [6] |
| Strict | None | None | Succeeds | No ACL policies copied. |
| Strict | None | SCC/DCC | Succeeds | ACL policies are copied from B to A. |
| Strict | Matching SCC/DCC | Matching SCC/DCC | Succeeds | No ACL policies copied. |
| Strict | Different SCC/DCC policies | Different SCC/DCC policies | Fails | Ports are disabled. |

Non-matching fabric-wide consistency policies

You may encounter one of the following two scenarios described in Table 53 and Table 54, where you are merging a fabric with a strict policy to a fabric with an absent, tolerant, or non-matching strict policy, and the merge fails and the ports are disabled. [6]

[6] To resolve the policy conflict, manually distribute the database you want to use to the switch with the mismatched database. Until the conflict is resolved, commands such as fddCfg --fabwideset and secPolicyActivate are blocked.

Brocade Fabric OS Administration Guide, 8.0.1, page 246, 53-1004111-02
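The rules in Table 52 can be checked before a merge with a small model. The following Python sketch is an added example, not part of the Brocade guide or Fabric OS; the function names, the per-database evaluation, and the sample WWNs are assumptions made for illustration.

```python
def parse_fabwide(policy):
    """'SCC:S;DCC' -> {'SCC': 'strict', 'DCC': 'tolerant'}; '' -> {}."""
    modes = {}
    for item in filter(None, policy.split(";")):
        name, _, flag = item.partition(":")
        modes[name] = "strict" if flag == "S" else "tolerant"
    return modes


def predict_merge(fabwide_a, fabwide_b, acl_a, acl_b):
    """Return (merge_ok, {database: (merge result, database copied)})."""
    # The guide requires the settings to match "including the order".
    if fabwide_a != fabwide_b:
        raise ValueError("non-matching fabric-wide policies: outside Table 52")
    modes = parse_fabwide(fabwide_a)
    results = {}
    for db in ("SCC", "DCC"):
        mode = modes.get(db, "none")
        a, b = acl_a.get(db), acl_b.get(db)  # None = no Active policy
        if mode == "none" or a == b:
            results[db] = ("succeeds", "no ACL policies copied")
        elif a is None or b is None:
            # Table 52 shows B to A; the text says present -> absent.
            src, dst = ("B", "A") if a is None else ("A", "B")
            results[db] = ("succeeds", f"ACL policies copied from {src} to {dst}")
        elif mode == "tolerant":
            results[db] = ("succeeds", "warning; policy commands disabled")
        else:  # strict, both present, different
            results[db] = ("fails", "ports are disabled")
    return all(r[0] == "succeeds" for r in results.values()), results


# Constructed sample data: these member WWNs are made up for illustration.
SCC_A = frozenset({"10:00:00:00:00:00:00:01", "10:00:00:00:00:00:00:02"})
SCC_B = frozenset({"10:00:00:00:00:00:00:01", "10:00:00:00:00:00:00:03"})
DCC_B = frozenset({"20:00:00:00:00:00:00:0a"})

if __name__ == "__main__":
    ok, detail = predict_merge("SCC:S;DCC", "SCC:S;DCC",
                               {"SCC": SCC_A}, {"SCC": SCC_B, "DCC": DCC_B})
    print("merge succeeds:", ok)
    for db, (result, copied) in detail.items():
        print(f"  {db}: {result}; {copied}")
```

In the sample run the strict SCC databases differ, so the merge is predicted to fail even though the tolerant DCC database would simply be copied from B to A.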