Dell PowerEdge M420 8/4 Gbps FC SAN Module Administrator's Guide - Page 23

Setting the list of devices allowed to log in, Removing devices from the list of allowed devices



Dell 8/4Gbps FC SAN Module Administrator's Guide, page 9, 53-1001345-01

Advanced Device Security policy (Chapter 3)

NOTE: Use the ag --policyshow command to determine the current status of the ADS policy.

Setting the list of devices allowed to log in

You can determine which devices are allowed to log in to each internal port (F_Port) by specifying the device's port WWN (PWWN). Lists must be enclosed in double quotation marks. List members must be separated by semicolons. The maximum number of entries in the allowed device list is twice the per-port maximum login count. Replace the WWN list with an asterisk (*) to indicate all access on the specified internal port list. Replace the internal port list with an asterisk (*) to add the specified WWNs to all the internal ports' allow lists. A blank WWN list ("") indicates no access. The ADS policy must be enabled for this command to succeed.

NOTE: Use an asterisk enclosed in quotation marks, "*", to set the Allow List to "All Access" for all internal ports; use a pair of double quotation marks ("") to set the Allow List to "No Access".

Note the following characteristics of the Allow List:

• The maximum number of device entries allowed in the Allow List is twice the per-port maximum login count.
• Each port can be configured to "not allow any device" or "to allow all the devices" to log in.
• If the ADS policy is enabled, by default, every port is configured to allow all devices to log in.
• The same Allow List can be specified for more than one internal port.

1. Connect to the FC SAN Module and log in using an account assigned to the admin role.
2. Enter the ag --adsset command with the appropriate operands to set the list of devices allowed to log in to specific ports. In the following example, ports 1, 10, and 13 are set to "all access."

    switch:admin> ag --adsset "1;10;13" "*"
    WWN list set successfully as the Allow Lists of the F_Port[s]

Setting the list of devices not allowed to log in

1. Connect to the FC SAN Module and log in using an account assigned to the admin role.
2. Enter the ag --adsset command with the appropriate operands to set the list of devices not allowed to log in to specific ports. In the following example, ports 11 and 12 are set to "no access."

    switch:admin> ag --adsset "11;12" ""
    WWN list set successfully as the Allow Lists of the F_Port[s]

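The ag --adsset operand rules described above can be checked before a line is ever typed on the module. The following is an added example, not part of the Dell guide: the function names, the sample PWWNs and the per-port login count of 4 are assumptions. It builds the command for each port and reports which ports remain at all access, the same state the ADS default leaves them in.

```python
import re

# A PWWN written as eight colon-separated hex bytes (standard FC notation).
PWWN_RE = re.compile(r"^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){7}$")

def adsset_command(ports, pwwns, per_port_max_login):
    """Return the 'ag --adsset' line for one Allow List, or raise ValueError."""
    # ports: list of internal port numbers, or "*" for all internal ports.
    # pwwns: list of PWWNs, "*" for all access, or [] for no access.
    # per_port_max_login: assumed known by the caller; the list may hold 2x this.
    if ports == "*":
        port_arg = "*"
    else:
        if not ports or any(not isinstance(p, int) or p < 0 for p in ports):
            raise ValueError("port list must be non-empty, non-negative integers")
        port_arg = ";".join(str(p) for p in sorted(set(ports)))
    if pwwns == "*":
        wwn_arg = "*"
    else:
        bad = [w for w in pwwns if not PWWN_RE.match(w)]
        if bad:
            raise ValueError(f"malformed PWWN(s): {bad}")
        unique = sorted({w.lower() for w in pwwns})
        if len(unique) > 2 * per_port_max_login:
            raise ValueError("Allow List exceeds twice the per-port max login count")
        wwn_arg = ";".join(unique)
    return f'ag --adsset "{port_arg}" "{wwn_arg}"'

def plan(policy, per_port_max_login):
    """Build commands for a {port: pwwns} policy and list ports left wide open."""
    commands, all_access = [], []
    for port, pwwns in sorted(policy.items()):
        commands.append(adsset_command([port], pwwns, per_port_max_login))
        if pwwns == "*":
            all_access.append(port)
    return commands, all_access

# Constructed sample policy; the PWWNs and the login count of 4 are made up.
SAMPLE_POLICY = {
    1: ["10:00:00:05:1E:00:00:01", "10:00:00:05:1e:00:00:02"],
    10: "*",   # all access: same effect as the ADS default
    11: [],    # no access
}

if __name__ == "__main__":
    cmds, open_ports = plan(SAMPLE_POLICY, per_port_max_login=4)
    print("\n".join(cmds))
    print("ports still at all access:", open_ports)
```
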
Removing devices from the list of allowed devices

Use the ag --adsdel command to delete the specified WWNs from the list of devices allowed to log in to the specified internal ports (F_Ports). Lists must be enclosed in double quotation marks. List members must be separated by semicolons. Replace the internal port list with an asterisk (*) to remove the specified WWNs from all the internal ports' allow lists. The ADS policy must be enabled for this command to succeed.