HP StorageWorks 4/32B HP StorageWorks Fabric OS 5.3.x administrator guide (569 - Page 127
Removing a member from an ACL policy, Deleting an ACL policy, Aborting all uncommitted changes
View all HP StorageWorks 4/32B manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 127 highlights
Removing a member from an ACL policy To remove a member from an ACL policy 1. Connect to the switch and log in. 2. Type secPolicyRemove "policy_name", "member;...;member". where policy_name is the name of the ACL policy. member is the device or switch to be removed from the policy, identified by IP address, switch domain ID, device or switch WWN, or switch name. 3. To implement the change immediately, enter the secPolicyActivate command. For example, to remove a member that has a WWN of 12:24:45:10:0a:67:00:40 from SCC_POLICY: switch:admin> secpolicyremove "SCC_POLICY", "12:24:45:10:0a:67:00:40" Member(s) have been removed from SCC_POLICY. Deleting an ACL policy To delete an ACL policy 1. Connect to the switch and log in. 2. Type secPolicyDelete "policy_name". where policy_name is the name of the ACL policy. 3. To implement the change immediately, enter the secPolicyActivate command. switch:admin> secpolicydelete "DCC_POLICY_ALL" About to delete policy Finance_Policy. Are you sure (yes, y, no, n):[no] y Finance_Policy has been deleted. Aborting all uncommitted changes Use the secPolicyAbort command to abort all ACL policy changes that have not yet been saved. To abort all unsaved changes: 1. Connect to the switch and log in. 2. Type the secPolicyAbort command: switch:admin> secpolicyabort Unsaved data has been aborted. All changes since the last time the secPolicySave or secPolicyActivate commands were entered are aborted. Configuring the authentication policy for fabric elements By default, Fabric OS 5.3.0 uses DH-CHAP or FCAP protocols for authentication. These protocols use shared secrets and digital certificates, based on switch WWN and public key infrastructure (PKI) technology to authenticate switches. Authentication automatically defaults to FCAP if both switches configured to accept FCAP protocol in authentication. The fabric authentication feature is available in base Fabric OS. No license is required. You can configure a switch with Fabric OS 5.3.0 or later to use Diffie-Hellman challenge handshake authentication protocol (DH-CHAP) for device authentication. Use the authUtil command to configure the authentication parameters used by the switch. When you configure DH-CHAP authentication, you also must define a pair of shared secrets known to both switches as a secret key pair. Figure 2 illustrates how the secrets are configured. A secret key pair consists of a local secret and a peer secret. The local secret uniquely identifies the local switch. The peer secret uniquely identifies the entity to which the local switch authenticates. Every switch can share a secret key pair with any other switch or host in a fabric. In order to use DH-CHAP authentication, a secret key pair has to be configured on both switches. To use FCAP on both switches, PKI certificates have to be installed. You can use the command authutil --set to set the authentication protocol which can then be verified using the command authutil --show CLI. The standards-compliant DH-CHAP and FCAP authentication protocols are not compatible with the SLAP protocol that was the only protocol supported in earlier Fabric OS releases 4.2, 4.1, 3.1, 2.6.x. Fabric OS 5.3.0 administrator guide 129