Dell PowerConnect Brocade M6505 Brocade 7.1.0 Access Gateway Administrator's G - Page 57
Advanced Device Security policy

Enabling and disabling the ADS policy

By default, the ADS policy is disabled. When you manually disable the ADS policy, all of the allow lists (global and per-port) are cleared. Before disabling the ADS policy, you should save the configuration using the configUpload command in case you need this configuration again.

1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --policyenable ads command to enable the ADS policy.

   switch:admin> ag --policyenable ads
   The policy ADS is enabled

3. Enter the ag --policydisable ads command to disable the ADS policy.

   switch:admin> ag --policydisable ads
   The policy ADS is disabled

NOTE
Use the ag --policyshow command to determine the current status of the ADS policy.

Allow lists

You can determine which devices are allowed to log in on a per-F_Port basis by specifying lists of F_Ports and device WWNs in the ag --adsset command. The ADS policy must be enabled for this command to succeed.

   ag --adsset "F_Port [;F_Port2;...]" "WWN [;WWN2;...]"

Lists must be enclosed in quotation marks. List members must be separated by semicolons. The maximum number of entries in the allowed device list is twice the per-port maximum login count.

Use an asterisk (*) instead of port numbers in the F_Port list to add the specified WWNs to the allow lists of all F_Ports. Use an asterisk (*) instead of WWNs to indicate access to all devices from the specified F_Port list. A blank WWN list ("") indicates no access.

NOTE
Use an asterisk enclosed in quotation marks ("*") to set the allow list to "all access"; use a pair of double quotation marks ("") to set the allow list to "no access".

Note the following characteristics of the allow list:

• The maximum number of device entries in the allow list is twice the per-port maximum login count.
• Each port can be configured either to allow no devices or to allow all devices to log in.
• If the ADS policy is enabled, by default, every port is configured to allow all devices to log in.
• The same allow list can be specified for more than one F_Port.

Setting the list of devices allowed to log in

1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the ag --adsset command with the appropriate options to set the list of devices allowed to log in to specific ports. In the following example, ports 1, 10, and 13 are set to "all access."

   switch:admin> ag --adsset "1;10;13" "*"
   WWN list set successfully as the Allow Lists of the F_Port[s]

Access Gateway Administrator's Guide 37 53-1002743-01
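The allow-list rules above (quoted, semicolon-separated lists, "*" for all access, "" for no access, and the entry limit of twice the per-port maximum login count) can be checked before a command is typed on the switch. The following Python sketch is an added example, not part of the Brocade guide: the function name build_adsset, the max_logins_per_port parameter, the lowercase normalization, and the sample WWNs are assumptions made for illustration.

```python
import re

# Fibre Channel WWN: eight colon-separated hex bytes.
WWN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$")


def build_adsset(ports, wwns, max_logins_per_port):
    """Return (command, warnings) for one `ag --adsset` call.

    ports: "*" for all F_Ports, or an iterable of port numbers.
    wwns:  "*" for all access, or an iterable of WWNs (empty = no access).
    max_logins_per_port: per-port maximum login count (assumed to be
        known to the caller; the page does not give its value).
    """
    warnings = []
    if ports == "*":
        port_arg = "*"
    else:
        nums = list(ports)
        if not nums or any(type(p) is not int or p < 0 for p in nums):
            raise ValueError("F_Port list needs non-negative port numbers")
        port_arg = ";".join(map(str, sorted(set(nums))))
    if wwns == "*":
        wwn_arg = "*"
        warnings.append(f"F_Port {port_arg}: all access, any device may log in")
    else:
        seen = []  # normalized to lowercase, de-duplicated, order preserved
        for wwn in (w.strip().lower() for w in wwns):
            if not WWN_RE.match(wwn):
                raise ValueError(f"malformed WWN: {wwn!r}")
            if wwn not in seen:
                seen.append(wwn)
        limit = 2 * max_logins_per_port  # rule stated in the guide
        if len(seen) > limit:
            raise ValueError(f"{len(seen)} WWNs exceed the limit of {limit}")
        if not seen:
            warnings.append(f"F_Port {port_arg}: no access, no device may log in")
        wwn_arg = ";".join(seen)
    return f'ag --adsset "{port_arg}" "{wwn_arg}"', warnings


if __name__ == "__main__":
    # Constructed sample WWNs, not taken from any real fabric.
    hosts = ["10:00:00:05:1E:AA:BB:01", "10:00:00:05:1e:aa:bb:02"]
    for args in (([1, 10, 13], "*", 4), ([3], hosts, 1), ("*", [], 4)):
        cmd, notes = build_adsset(*args)
        print(cmd, notes)
```

The warnings make the two extreme settings visible in a change review: "*" leaves the port open to every device, which is also the default once the ADS policy is enabled.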