HP A7533A HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, Dece - Page 108
ACL policy management
UPC - 829160830858
When a policy is activated, the defined policy either replaces the policy with the same name in the active set or becomes a new active policy. If a policy appears in the defined set but not in the active set, the policy was saved but has not been activated. If a policy with the same name appears in both the defined and active sets but they have different values, the policy has been modified but the changes have not been activated.

Admin Domain considerations: ACL management can be done on AD255 and in AD0 only if there are no user-defined Admin Domains. Both AD0 (when no other user-defined Admin Domains exist) and AD255 provide an unfiltered view of the fabric.

Identifying policy members

Specify the FCS, DCC and SCC policy members by device port WWN, switch WWN, Domain IDs, or switch names, depending on the policy. The valid methods for specifying policy members are listed in Table 24.

Table 24 Valid methods for specifying policy members

| Policy name | Device port WWN | Switch WWN | Domain ID | Switch name |
|---|---|---|---|---|
| FCS_POLICY | No | Yes | Yes | Yes |
| DCC_POLICY_nnn | Yes | Yes | Yes | Yes |
| SCC_POLICY | No | Yes | Yes | Yes |

ACL policy management

All policy modifications are saved in volatile memory until those changes are saved or activated. You can create multiple sessions to the switch from one or more hosts. It is recommended that you make changes from one switch only, to avoid multiple transactions occurring.

The FCS, SCC and DCC policies in Secure Fabric OS are not interchangeable with Fabric OS FCS, SCC and DCC policies. Uploading and saving a copy of the Fabric OS configuration after creating policies is recommended. For more information on configuration uploads, see "Maintaining the Switch Configuration File" on page 139.

Use the secPolicyShow command to display the active and defined policy sets. You can view the active and defined policy sets at any time.

NOTE: In a defined policy set, policies created in the same login session also appear, but these policies are automatically deleted if you log out without saving.

NOTE: All changes, including the creation of new policies, are saved and activated on the local switch only, unless the switch is in a fabric that has a strict or tolerant fabric-wide consistency policy for the ACL policy type for SCC or DCC. See "Distributing the policy database" on page 129 for more information on the database settings and fabric-wide consistency policy.

Use the instructions in the following sections to manage common settings between two or more of the DCC, FCS, and SCC policies. For instructions relating to a specific policy, see the appropriate section:

• "Displaying ACL policies" on page 109
  Displays a list of all active and defined ACL policies on the switch.
• "ACL policy modifications" on page 116
  Save changes to memory without actually implementing the changes within the fabric or to the switch. This saved but inactive information is known as the defined policy set.
  Simultaneously save and implement all the policy changes made since the last time changes were activated. The activated policies are known as the active policy set.
  Delete an entire policy; deleting a policy opens up that aspect of the fabric to all access.

108 Configuring advanced security features
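
The defined/active comparison rules and Table 24 above can be turned into a small audit check. The following is an added example, not code from the HP guide or from Fabric OS. It assumes the two policy sets have already been transcribed into dictionaries of (member kind, value) pairs; the function names, the kind labels, the "active only" state and the sample data are all hypothetical or constructed.

```python
# Added example: audit drift between the defined and active ACL policy sets.
# The dictionaries are constructed sample data, not parsed secPolicyShow output.

# Table 24: member kinds each policy type accepts (kind labels are this example's).
ALLOWED = {
    "FCS_POLICY": {"switch_wwn", "domain_id", "switch_name"},
    "DCC_POLICY": {"port_wwn", "switch_wwn", "domain_id", "switch_name"},
    "SCC_POLICY": {"switch_wwn", "domain_id", "switch_name"},
}

def policy_type(name):
    """Map DCC_POLICY_nnn to DCC_POLICY; other names map to themselves."""
    return "DCC_POLICY" if name.startswith("DCC_POLICY_") else name

def classify(defined, active):
    """Return {policy name: state} using the comparison rules in the text."""
    states = {}
    for name in sorted(set(defined) | set(active)):
        if name not in active:
            states[name] = "saved, not activated"
        elif name not in defined:
            # Assumption: a state the page does not describe; flag for review.
            states[name] = "active only"
        elif set(defined[name]) != set(active[name]):
            states[name] = "modified, changes not activated"
        else:
            states[name] = "in sync"
    return states

def invalid_members(policies):
    """List (policy, member) pairs whose kind Table 24 does not allow."""
    bad = []
    for name, members in policies.items():
        allowed = ALLOWED.get(policy_type(name), set())
        bad += [(name, m) for m in members if m[0] not in allowed]
    return bad

# Constructed sample sets.
DEFINED = {
    "SCC_POLICY": [("switch_wwn", "10:00:00:00:00:00:00:01"), ("domain_id", "2")],
    "DCC_POLICY_abc": [("port_wwn", "20:00:00:00:00:00:00:0a")],
    "FCS_POLICY": [("switch_name", "sw1")],
}
ACTIVE = {
    "SCC_POLICY": [("switch_wwn", "10:00:00:00:00:00:00:01")],
    "FCS_POLICY": [("switch_name", "sw1")],
}

if __name__ == "__main__":
    for policy, state in classify(DEFINED, ACTIVE).items():
        print(f"{policy}: {state}")
    print("Table 24 violations:", invalid_members(DEFINED))
```

Any policy that is not "in sync" is a pending change, which is worth reviewing before the configuration is uploaded and saved.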