Dell PowerEdge M420 8/4 Gbps FC SAN Module Administrator's Guide - Page 22
FC SAN Module policy enforcement matrix

The following table shows which combinations of policies can co-exist with each other.

TABLE 4 Policy enforcement matrix

| Policies | Auto Port Configuration | Port Grouping | ADS Policy |
|---|---|---|---|
| Auto Port Configuration | N/A | Cannot co-exist | Can co-exist |
| N_Port Grouping | Mutually exclusive | N/A | Can co-exist |
| ADS Policy | Can co-exist | Can co-exist | N/A |

Advanced Device Security policy

The Advanced Device Security (ADS) is disabled by default for the FC SAN Module. ADS is a security policy that restricts access to the fabric at the to a set of authorized devices. Unauthorized access is rejected and the system logs a RASLOG message. You can configure the list of allowed devices for each internal port (F_Port) by specifying their Port WWN (PWWN). The ADS policy secures virtual and physical connections to the SAN.

How the ADS policy works

When you enable this policy, it applies to all internal ports (F_Ports) on the FC SAN Module. By default, all devices have access to the fabric on all ports. You can restrict the fabric connectivity to a particular set of devices where FC SAN Module maintains a per-port allow list for the set of devices whose PWWN you define to log in through an internal port. You can view the devices with active connections to an internal port using the ag --show command.

NOTE
The ag --show command only displays the Core FC SAN Module, such as the modules that are directly connected to fabric. The agshow --name name command displays the internal ports of both the Core and Edge modules.

Enabling and disabling the Advanced Device Security policy

By default, the ADS policy is disabled. When you manually disable the ADS policy, all of the allow lists (global and per-port) are cleared. Before disabling the ADS policy, you should save the configuration using the configupload command in case you need this configuration again.

1. Connect to the FC SAN Module and log in using an account assigned to the admin role.

2. Enter the ag --policyenable ads command to enable the ADS policy.

   switch:admin> ag --policyenable ads
   The policy ADS is enabled

3. Enter the ag --policydisable ads command to disable the ADS policy.

   switch:admin> ag --policydisable ads
   The policy ADS is disabled

8 Dell 8/4Gbps FC SAN Module Administrator's Guide 53-1001345-01
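A pre-enable check for the per-port allow lists described above, as an added example that is not part of the Dell guide: it compares planned allow lists with the PWWNs currently logged in on each internal port and reports which devices would be rejected once ADS is enabled. The function names, the dictionary input format and the sample PWWNs are assumptions made for illustration; the input is collected by the operator, and the script does not parse ag --show output.

```python
import re

# A Port WWN is eight hex bytes; colon-separated is the canonical form used here.
_PWWN_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){7}$")

def normalize_pwwn(raw):
    """Return a lower-case colon-separated PWWN, or raise ValueError."""
    text = raw.strip().lower().replace("-", ":")
    if re.fullmatch(r"[0-9a-f]{16}", text):  # bare 16 hex digits
        text = ":".join(text[i:i + 2] for i in range(0, 16, 2))
    if not _PWWN_RE.match(text):
        raise ValueError(f"not a valid PWWN: {raw!r}")
    return text

def audit_ads_allow_lists(allow_lists, active_logins):
    """Compare devices logged in per F_Port with the planned allow lists.

    allow_lists:   {port: [pwwn, ...]}; a port with no entry is treated as
                   unrestricted (assumption, based on "by default, all
                   devices have access to the fabric on all ports").
    active_logins: {port: [pwwn, ...]} as collected by the operator.
    Returns {port: sorted PWWNs that would be rejected}.
    """
    would_reject = {}
    for port, devices in active_logins.items():
        if port not in allow_lists:
            continue  # no list planned for this port
        allowed = {normalize_pwwn(p) for p in allow_lists[port]}
        denied = sorted({normalize_pwwn(d) for d in devices} - allowed)
        if denied:
            would_reject[port] = denied
    return would_reject

# Constructed sample data, not taken from a real module.
PLANNED = {
    1: ["10:00:00:00:c9:aa:bb:01"],
    2: ["10:00:00:00:C9:AA:BB:02", "10000000c9aabb03"],
}
ACTIVE = {
    1: ["10:00:00:00:C9:AA:BB:01", "10:00:00:00:c9:aa:bb:99"],
    2: ["10-00-00-00-c9-aa-bb-03"],
    3: ["10:00:00:00:c9:aa:bb:04"],  # no list planned for port 3
}

if __name__ == "__main__":
    for port, pwwns in audit_ads_allow_lists(PLANNED, ACTIVE).items():
        print(f"F_Port {port}: would be rejected under ADS: {', '.join(pwwns)}")
```

A malformed entry in either input raises ValueError, so a typo in a planned allow list is caught before the policy is enabled rather than showing up later as a rejected login.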