Brocade OS Command Reference Manual Supporting Fabric OS v6.0.0 (53-1000599-01, October 2007)

secPolicyCreate
"member" Specify a list of members to be included in the security policy. The members
must be enclosed in quotation marks and separated by semicolons.
Depending on the policy type, members are specified as follows:
DCC_POLICY Members
The DCC_Policy_nnn is a list of devices associated with a specific switch and
port combination. An empty DCC_POLICY does not stop access to the switch.
The device is specified with a WWN string. The switch and port combination
must be in the following format:
switch port
switch can be specified using WWN, domain, or switch name.
port can be specified by port numbers separated by commas and enclosed in
either brackets or parentheses: for example, (2, 4, 6). Ports enclosed in
brackets will include the devices currently attached to those ports.
The following examples illustrate several ways to specify the port values:
(1-6)      Selects ports 1 through 6.
(*)        Selects all ports on the switch.
[3, 9]     Selects ports 3 and 9 and all devices attached to those ports.
[1-3, 5]   Selects ports 1 through 3 and 5 and all devices attached to those ports.
[*]        Selects all ports on the switch and devices currently attached to those ports.
SCC_POLICY and FCC_POLICY Members
This policy type requires member IDs to be specified as WWN strings,
domains, or switch names. If domain or switch names are used, the switches
associated must be present in the fabric or the command fails.
To add all switches in the current fabric as members of the policy, enter an
asterisk enclosed in quotation marks "*" as the member value. This feature
cannot be used by the other security commands.
Examples
To create an FCS policy:
primaryfcs:admin> secpolicycreate "FCS_POLICY", "3; 4"
FCS_POLICY has been created.
While creating the FCS policy, the local switch WWN is automatically included in the list.
Switches included in the FCS list are FCS switches and the remaining switches in the fabric are
non-FCS switches. Out of the FCS list, the switch that is in the first position becomes the
Primary FCS switch and the remaining switches become back-up FCS switches. If the first
switch in the FCS list is not reachable, the next switch becomes the Primary.
To create a device policy to allow two devices to attach to domain 3 ports 1 and 3 (the WWN of the first
device is 11:22:33:44:55:66:77:aa and the WWN of the second device is 11:22:33:44:55:66:77:bb):
primaryfcs:admin> secpolicycreate "DCC_POLICY_aB_7", "11:22:33:44:55:66:77:aa;11:22:33:44:55:66:77:bb;3[1,3]"
DCC_POLICY_abc has been created.
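
The following is an added example, not part of the Brocade manual or Fabric OS: a Python pre-check that parses a DCC_POLICY member string as described above, so a reviewer can see which device WWNs and which switch/port bindings (including "*" and bracketed ports that also pull in attached devices) a policy would contain before running secpolicycreate. The function names are hypothetical, and rejecting descending ranges and mismatched delimiters is an assumption of this sketch, not documented switch behaviour.

```python
import re

WWN_RE = re.compile(r"^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){7}$")
# <switch> followed by a port list in (...) or [...]; switch may be WWN, domain or name
BINDING_RE = re.compile(r"^([^\[\]()]+?)\s*([\[(])([^\[\]()]*)([\])])$")

def parse_ports(spec):
    """Return "*" for all ports, otherwise a sorted list of port numbers."""
    if spec.strip() == "*":
        return "*"
    ports = set()
    for item in spec.split(","):
        m = re.fullmatch(r"\s*(\d+)(?:\s*-\s*(\d+))?\s*", item)
        if not m:
            raise ValueError(f"bad port item: {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if hi < lo:  # assumption of this sketch: treat descending ranges as errors
            raise ValueError(f"descending port range: {item!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)

def parse_dcc_members(members):
    """Split a DCC member string into device WWNs and switch/port bindings."""
    devices, bindings = [], []
    for token in (t.strip() for t in members.split(";")):
        if WWN_RE.match(token):
            devices.append(token.lower())
            continue
        m = BINDING_RE.match(token)
        if not m or (m.group(2), m.group(4)) not in {("[", "]"), ("(", ")")}:
            raise ValueError(f"not a WWN or switch/port member: {token!r}")
        bindings.append({
            "switch": m.group(1).strip(),
            "ports": parse_ports(m.group(3)),
            # Brackets also include devices currently attached to the ports
            "include_attached": m.group(2) == "[",
        })
    return devices, bindings

if __name__ == "__main__":
    # Member string taken from the DCC example on this page
    sample = "11:22:33:44:55:66:77:aa;11:22:33:44:55:66:77:bb;3[1,3]"
    print(parse_dcc_members(sample))
```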