958-000288-010, August 2005)

• Security Log—TheSecurityLogisanewlogavailableinEWS,CLI,andHAFM

that records various events concerning integrity of a switch. This includes

authorization or authentication problem detection, and approved and invalid

access attempts. Each log entr y provides an event number or reason, a date/time

stamp, a trigger level (a type of security event severity), an event count, and a

category and data per taining to the speciﬁc event. The log wraps at 200 entries.

This log provides customers with details to track down at tempted securit y threats

and identify the source of problems that might jeopardize the switch integrity.

• IP A ccess Control List—ThisallowsuserstoestablishalistofIPaddressesfrom

which the switch is allowed to accept connections. This prevents users who

have access to the Ethernet LAN from attempting to acc ess the Fibre Channel

switches. Connection attempts from unauthorized IP addresses are ignored by

the switch, making it appea r that no device is connected. This is primarily

intended for environments that are not on a private, inaccessible subnet, such as

wheninstalledinmostcabinetconﬁgurations with a dual-NIC HAFM appliance

Processor.

Advanced

Fabric Diagnostics

This provi

des tools to monitor the fabric and identify potential problems before

they impact network and application performance. Tools include ISL Fencing, new

switch-centric Fabric and Embedded Port Logs, an Audit Log for the embedded user

interfaces, and access to the Digital Diagnostic capabilities included with newer SFP

transceivers.

ISL fencing

Also called Port Fencing, this feature allows customers to set up policies for blocking

an ISL when problems occur that cause an ISL to “bounce” or repeatedly attempt to

establish a connection. Any time an ISL is brought up or down, a fabric rebuild occurs,

which can cause disruption in some environments. ISL Fencing will lessen the likelihood

of having a problematic ISL connection disrupt a SAN.

To conﬁgure this feature, users set policies with thresholds based on the num b er of

port events occurring during a set time period. If a por t generates enou gh events to

excee d the policy threshold, the port is automatically blocked and the user is notiﬁed.

Transmit and receive trafﬁc is disabled until the user can investigate, solve the problem,

and manually unblock the port.

Embedded Audit Log

The

Audit log is a new log available through CLI and EWS. This is not the same Audit

g available through HAFM. The log records all conﬁguration changes to the switch to

ovide data for analyzing problems caused by conﬁguration changes.