HP A7533A HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, Dece - Page 129

implement the policy for optimization purposes. If a distribution includes an active IP Filter policy, the receiving switches will activate the same IP Filter policy automatically. When a switch receives IP Filter policies, all uncommitted changes left in its local transaction buffer will be lost, and the transaction is aborted. Switches with Fabric OS 5.3.0 or later have the ability to accept or deny IP Filter policy distribution, through the commands fddCfg --localaccept or fddcfg --localreject. However, automatic distribution of IP Filter policy through Fabric Wide Consistent Policy is not supported in Fabric OS 6.1.x. See "Distributing ACL policies to other switches" on page 131 for more information on distributing the IP Filter policy. IP Filter policy restrictions In a mixed fabric with Fabric OS 5.3.0 or later and pre-5.3.0 switches, IP Filter policies cannot be distributed from a Fabric OS 6.1.0 switch to a pre-5.3.0 switch. This means that the sending switch will fail distribute --p "IPFILTER" operation, if the specified receiving domain list contains switches with Fabric OS 5.2.0 and earlier. When the asterisk (*) is used as the receiving domain, the sending switch distributes the IP Filter policies only to switches with Fabric OS 5.3.0 or later. Distributing the policy database Fabric OS lets you manage and enforce the ACL policy database on either a per-switch or fabric-wide basis. The local switch distribution setting and the fabric-wide consistency policy affect the switch ACL policy database and related distribution behavior. The ACL policy database is managed as follows: • Switch database distribution setting-Controls whether or not the switch accepts or rejects databases distributed from other switches in the fabric. The distribute command sends the database from one switch to another, overwriting the target switch database with the distributed one. To send or receive a database the setting must be accept. For configuration instructions, see "Configuring the database distribution settings" on page 130. • Manually distribute an ACL policy database-Run the distribute command to push the local database of the specified policy type to target switches. "Distributing ACL policies to other switches" on page 131. • Fabric-wide consistency policy-Use to ensure that switches in the fabric enforce the same policies. Set a strict or tolerant fabric-wide consistency policy for each ACL policy type to automatically distribute that database when a policy change is activated. If a fabric-wide consistency policy is not set, the policies are managed on per switch basis. For configuration instructions, see"Setting the consistency policy fabric-wide" on page 132. Table 33 explains how the local database distribution settings and the fabric-wide consistency policy affect the local database when the switch is the target of a distribution command. Table 33 Interaction between fabric-wide consistency policy and distribution settings Distribution setting Reject Accept (default) Fabric-wide consistency policy Absent (default) Tolerant Database is protected, it cannot be overwritten. May not match other databases in the fabric. Invalid configuration.1 Database is not protected, the database can be overwritten. If the switch initiating a distribute command has a strict or tolerant fabric-wide consistency policy, the fabric-wide policy is also overwritten. May not match other databases in the fabric. Database is not protected. Automatically distributes activated changes to other 5.20 switches in the fabric. Allows switches running Fabric OS 5.1.x and earlier in the fabric. May not match other databases in the fabric. Strict Invalid configuration.1 Database is not protected. Automatically distributes activated changes to all switches in the fabric. Fabric can only contain switches running Fabric OS 5.2.0 or later. Active database is the same for all switches in the fabric. Fabric OS 6.1.1 administrator guide 129