HP StorageWorks 2/128 Brocade Secure Fabric OS Administrator's Guide (53-10002 - Page 63
Creating an SNMP Policy, Table 3-3, RSNMP Policy, Read Result, Write Result
View all HP StorageWorks 2/128 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 63 highlights
3 The individual MAC policies and how to create them are described in the following sections. By default, all MAC access is allowed; no MAC policies exist until they are created. Note An empty MAC policy blocks all access through that management channel. When creating policies, ensure that all desired members are added to each policy. Providing fabric access to proxy servers is strongly discouraged. When a proxy server is included in a MAC policy for IP-based management, such as the HTTP_POLICY, all IP packets leaving the proxy server appear to originate from the proxy server. This could result in allowing any hosts that have access to the proxy server to access the fabric. Serial, Telnet, and API violations that occur on the standby CP of a chassis-based platform do not display on the active CP. Also, during an HA failover, security violation counters and events are not propagated from the former active CP to the current active CP. Creating an SNMP Policy Read and write SNMP policies can be used to specify which SNMP hosts are allowed read and write access to the fabric: • RSNMP_POLICY (read access) Only the specified SNMP hosts can perform read operations to the fabric. • WSNMP_POLICY (write access) Only the specified SNMP hosts can perform write operations to the fabric. The SNMP hosts must be identified by IP address. Any host granted write permission by the WSNMP policy is automatically granted read permission by the RSNMP policy. See "To create an SNMP policy" on page 3-14. Table 3-3 lists the expected read and write behaviors resulting from combinations of the RSNMP and WSNMP policies. Table 3-3 Read and Write Behaviors of SNMP Policies RSNMP Policy WSNMP Policy Read Result Write Result Nonexistent Nonexistent Nonexistent Empty Empty Nonexistent Empty Host B in policy Nonexistent Empty Any host can read Any host can write Any host can read No host can write Any host can read Only B can write This combination is not supported. If the WSNMP policy is not defined, the RSNMP policy cannot be created. No host can read No host can write Secure Fabric OS Administrator's Guide Publication Number: 53-1000244-01 3-13