HP StorageWorks Fabric OS 5.3.x administrator guide (5697-0244, November 2009)
Fabric OS 5.3.0 administrator guide 271
CAUTION: If Security is enabled via the CLI in the FICON environment, then you should use the following
syntax for the secModeEnable command:
secmodeenable --lockdown=scc --currentpwd --fcs “*”
Issuing the secModeEnable command as it appears above enables security and creates an SCC policy
with all of the switches that currently reside in the fabric. It will also use the current password as the
password for all available accounts on the switch.
Also, if you intend to use the secModeEnable --quickmode command, device connection control
(DCC) policies are created for every port; this is not required for cascaded FICON configurations. These
DCC policies in a cascaded configuration lock down the ports because no devices are logged into them
before the command is executed, so no device can connect to these ports until you specifically add them to
the DCC policy. If you issued the secModeEnable --quickmode command, the best solution is to
delete the DCC policies that were created.
Be sure not to delete the SCC policy, which is required for FICON cascaded configurations.
5. Connect and enable channel and control unit (CU) devices. The Query for Security Attributes (QSA)
response to the channel indicates that the fabric binding and IDID are enabled.
Figure 17 shows one viable cascaded configurations. These configurations require Channel A to be
configured for two-byte addressing and require IDID and fabric binding. There can be only two switches in
the path from the channel to the control unit.
Figure 17 Cascaded configuration, two switches
Figure 18 Cascaded configuration, three switches
Setting a unique domain ID
In a cascaded configuration, each switch must have a unique domain ID, and insistent domain ID (IDID)
mode must be enabled. To set a unique domain ID and enable IDID mode, complete the following steps:
1. Connect to the switch and log in as admin.
2. Verify that the switch has a unique domain ID. If it does not, set a unique domain ID.
For instructions on displaying and changing the domain ID, refer to Working with domain IDs,
page 40.
3. Enter the switchDisable command to disable the switch.
4. Enter the configure command.
5. Press y after the Fabric Parameters prompt.
6. To enable IDID mode, press y after the “Insistent Domain ID Mode” prompt.
(You can disable this mode by pressing n.)
Channel
A
Control
Unit
B
Switch
Domain ID = 21
Switch
Domain ID = 22
Channel
A
Control
Unit
C
Control
Unit
D
Switch
Domain ID = 23
Switch
Domain ID = 21
Switch
Domain ID = 22