HP A7533A HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, Dece - Page 427

command when working from the command line. For GUI-based procedures, see the Web Tools Administrator's Guide for configuring the routing policy using the FICON tab in Web Tools. 4. Issue the ficonshow rnid command to verify that the FICON devices are registered with the switch. 5. Issue the ficonshow lirr command to verify that the FICON host channels are registered to listen for link incidents. 6. For an option, see "FICON CUP" on page 431 for details about using FICON CUP. Configuring a single switch Single-switch configuration does not require IDID or fabric binding, provided that connected channels are configured for single-byte addressing. However, you should configure IDID to ensure that Domain IDs are maintained. Configuring a high-integrity fabric To configure a high-integrity fabric (cascaded configuration): 1. Disable each switch in the fabric. 2. For each switch: a. Enable the IDID flag. b. Set the Domain ID. 3. Enable the switches; this builds the fabric. 4. Set the SCC policy, as described in "Configuring advanced security features" on page 107. 5. Configure the Switch Connection Control policies on all switches to limit connectivity to only the switches in the selected fabric using the secPolicyCreate command: switch:admin> secPolicyCreate SCC_POLICY, member;...;member where: member indicates a switch that is permitted to join the fabric. Specify switches by WWN, Domain ID, or switch name. Enter an asterisk (*) to indicate all the switches in the fabric. To create a policy that includes all the switches in the fabric, issue the following command: switch:admin> secPolicyCreate SCC_POLICY "*" 6. Save or activate the new policy by issuing either the secPolicySave or the secPolicyActivate command. If neither of these commands is issued, the changes are lost when the session is logged out. To activate the SCC policy: switch:admin> secPolicyActivate 7. Enable ACL Fabric Wide Consistency Policy and enforce a strict SCC policy: switch:admin> fddcfg --fabwideset "SCC:S" 8. Connect and enable channel and control unit (CU) devices. The Query for Security Attributes (QSA) response to the channel indicates that the fabric binding and IDID are enabled. Figure 56 and Figure 57 show two viable cascaded configurations. These configurations require Channel A to be configured for two-byte addressing and require IDID and fabric binding. It is recommended that Fabric OS 6.1.x administrator guide 427