HP StorageWorks 8/40 Brocade Fabric OS Administrator's Guide v6.3.0 (53-100133 - Page 184
Policy database distribution
View all HP StorageWorks 8/40 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 184 highlights
7 Policy database distribution Policy database distribution Fabric OS lets you manage and enforce the ACL policy database on either a per-switch or fabric-wide basis. The local switch distribution setting and the fabric-wide consistency policy affect the switch ACL policy database and related distribution behavior. The ACL policy database is managed as follows: • Switch database distribution setting - Controls whether or not the switch accepts or rejects databases distributed from other switches in the fabric. The distribute command sends the database from one switch to another, overwriting the target switch database with the distributed one. To send or receive a database the setting must be accept. For configuration instructions, see "Database distribution settings" on page 143. Virtual Fabric considerations: FCS, DCC, SCC, and AUTH databases can be distributed using the -distribute command, but the PWD and IPFILTER databases are blocked from distribution. • Manually distribute an ACL policy database - Run the distribute command to push the local database of the specified policy type to target switches. "ACL policy distribution to other switches" on page 144. • Fabric-wide consistency policy - Use to ensure that switches in the fabric enforce the same policies. Set a strict or tolerant fabric-wide consistency policy for each ACL policy type to automatically distribute that database when a policy change is activated. If a fabric-wide consistency policy is not set, then the policies are managed on a per switch basis. For configuration instructions, see "Fabric-wide enforcement" on page 144. Virtual Fabric considerations: Fabric-wide consistency policies are configured on a per logical switch-basis and are applied to the fabrics connected to the logical switches. Automatic policy distribution behavior for DCC, SCC and FCS is the same as that of pre-v6.2.0 releases and are configured on a per logical switch basis. Table 32 on page 142 explains how the local database distribution settings and the fabric-wide consistency policy affect the local database when the switch is the target of a distribution command. TABLE 32 Interaction between fabric-wide consistency policy and distribution settings Distribution Fabric-wide consistency policy setting Absent (default) Tolerant Strict Reject Database is protected, it cannot be overwritten. May not match other databases in the fabric. Invalid configuration.1 Invalid configuration.1 Accept (default) Database is not protected, the database can be overwritten. If the switch initiating a distribute command has a strict or tolerant fabric-wide consistency policy, the fabric-wide policy is also overwritten. May not match other databases in the fabric. Database is not protected. Automatically distributes activated changes to other v6.1.0 or later switches in the fabric. May not match other databases in the fabric. Database is not protected. Automatically distributes activated changes to all switches in the fabric. Fabric can only contain switches running Fabric OS v6.1.0 or later. Active database is the same for all switches in the fabric. 142 Fabric OS Administrator's Guide 53-1001336-01