HP A7533A HP StorageWorks Fabric OS 6.x administrator guide (5697-0015, May 20 - Page 104
Distributing an FCS policy
For example, to move a backup FCS switch from position 2 to position 3 in the FCS list, using interactive mode:

    primaryfcs:admin> secpolicyfcsmove
    Pos  Primary  WWN                      DId  swName.
    1    Yes      10:00:00:60:69:10:02:18  1    switch5.
    2    No       10:00:00:60:69:00:00:5a  2    switch60.
    3    No       10:00:00:60:69:00:00:13  3    switch73.
    Please enter position you'd like to move from : (1..3) [1] 2
    Please enter position you'd like to move to : (1..3) [1] 3

    DEFINED POLICY SET
    FCS_POLICY
    Pos  Primary  WWN                      DId  swName
    1    Yes      10:00:00:60:69:10:02:18  1    switch5.
    2    No       10:00:00:60:69:00:00:13  3    switch73.
    3    No       10:00:00:60:69:00:00:5a  2    switch60.

4. Type secPolicyActivate.

Distributing an FCS policy

The FCS policy can be automatically distributed using the fddcfg --fabwideset command, or it can be manually distributed to the switches using the distribute -p command. Each switch that receives the FCS policy must be configured to receive the policy. To configure the switch to accept distribution of the FCS policy, refer to "Configuring the database distribution settings" on page 122.

Switches in the fabric are designated as either a primary FCS, backup FCS, or non-FCS switch. Database distributions may be initiated from only the primary FCS switch. FCS policy configuration and management is performed using the command line or a manageability interface.

Only the primary FCS switch is allowed to distribute the database. The FCS policy may need to be manually distributed across the fabric using the distribute -p command if there is no support for automatic distribution in a mixed environment with 5.3.0 and pre-5.3.0 switches. Since this policy is distributed manually, the command fddcfg --fabwideset is used to distribute a fabric-wide consistency policy for FCS policy in an environment consisting of only Fabric OS 6.0 switches.

FCS enforcement for the distribute command is handled differently for FCS and other databases in an FCS fabric:

• For an FCS database, the enforcement allows any switch to initiate the distribution. This is to support FCS policy creation specifying a remote switch as Primary.
• For other database distributions, only the primary FCS switch can initiate the distribution.

There will be FCS enforcement at the receiving switch, so the switch will verify whether the distribution is coming from the primary FCS switch before accepting it. Distribution is accepted only if it is coming from a primary FCS switch. Distribution of FCS policy can still be accepted from a backup FCS switch if the Primary is not reachable, or from a non-FCS switch if the primary FCS and none of the backup FCS switches are reachable. To learn more about how to distribute policies, refer to "Distributing ACL policies to other switches" on page 123.

NOTE: FCS policy distribution is allowed from a switch in the FCS list. However, if none of the FCS switches in the existing FCS list are reachable, receiving switches will accept distribution from any switch in the fabric.

Local switch configuration parameters are needed to control whether a switch accepts or rejects distributions of FCS policy and whether the switch is allowed to initiate distribution of an FCS policy. A configuration parameter controls whether the distribution of the policy is accepted or rejected on the local

104 Configuring advanced security features
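The receiving-switch acceptance rules described in this section, modeled in Python as an added example (not HP or Fabric OS code). The function and parameter names are hypothetical, the primary is assumed to be the switch at position 1 of the FCS list, and the non-FCS WWN is constructed; the FCS list is the one shown in the example output after the move.

```python
# Added illustration of the receiving-switch rules in this section.
# Not Fabric OS code: all names here are hypothetical.

def accept_distribution(database, sender, fcs_list, reachable, local_accept=True):
    """Decide whether a receiving switch accepts a database distribution.

    database     -- "FCS" for the FCS policy; anything else is another database
    sender       -- WWN of the switch that initiated the distribution
    fcs_list     -- WWNs in FCS-list order; position 1 is assumed to be primary
    reachable    -- set of WWNs the receiving switch can currently reach
    local_accept -- local configuration: does this switch accept the database?
    Returns (accepted, reason).
    """
    if not local_accept:
        return False, "local configuration rejects this distribution"
    primary, backups = fcs_list[0], fcs_list[1:]
    if sender == primary:
        return True, "sender is the primary FCS switch"
    if database != "FCS":
        return False, "only the primary FCS switch may distribute this database"
    if sender in backups:
        if primary not in reachable:
            return True, "backup FCS switch accepted: primary not reachable"
        return False, "backup FCS switch rejected: primary is reachable"
    if not any(wwn in reachable for wwn in fcs_list):
        return True, "no FCS switch reachable: accepted from any switch"
    return False, "non-FCS switch rejected: an FCS switch is reachable"

# FCS list from the example output in this section (after the move).
FCS_LIST = ["10:00:00:60:69:10:02:18",   # switch5, primary
            "10:00:00:60:69:00:00:13",   # switch73, backup
            "10:00:00:60:69:00:00:5a"]   # switch60, backup
OTHER = "10:00:00:60:69:00:00:ff"        # constructed WWN of a non-FCS switch

if __name__ == "__main__":
    cases = [("FCS", FCS_LIST[1], set(FCS_LIST)),    # backup, primary up
             ("FCS", FCS_LIST[1], {FCS_LIST[2]}),    # backup, primary down
             ("FCS", OTHER, {FCS_LIST[2]}),          # non-FCS, a backup still up
             ("FCS", OTHER, set()),                  # cut off from every FCS switch
             ("other", FCS_LIST[1], {FCS_LIST[2]})]  # other database from a backup
    for db, sender, up in cases:
        print(db, sender, sorted(up), accept_distribution(db, sender, FCS_LIST, up))
```

The fourth case is the one to review when segmenting a fabric: a receiving switch that cannot reach any FCS list member accepts an FCS policy from any switch, so the local accept/reject setting is the remaining control.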