Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

member is one or more IP addresses in dot-decimal notation. “0” can be entered in an octet to
indicate that any number can be matched in that octet.
3. To save or activate the new policy, enter either the secPolicySave or the secPolicyActivate
command.
If neither of these commands is entered, the changes are lost when the session is logged out.
For more information about these commands, see “Saving Changes to Secure Fabric OS
Policies” on page 56 and “Activating Changes to Secure Fabric OS Policies” on page 56.
For example, to create an HTTP policy to allow anyone on the network with an IP address of
192.168.5.0 (where “0” can be any number) to establish an HTTP connection to any switch in
the fabric:
primaryfcs:admin> secpolicycreate "HTTP_POLICY", "192.168.5.0"
HTTP_POLICY has been created.
API Policy
The API policy can be used to specify which workstations can use the API to access the fabric and
which ones can write to the primary FCS switch.
The policy is named API_POLICY and contains a list of the IP addresses that are allowed to
establish an API connection to switches in the fabric. Table 7 displays the possible API policy states.
To create an API policy
1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.
2. Type secPolicyCreate “API_POLICY”, “member;...;member”.
member is one or more IP addresses in dot-decimal notation. “0” can be entered in an octet to
indicate that any number can be matched in that octet.
3. To save or activate the new policy, enter either the secPolicySave or the secPolicyActivate
command.
If neither of these commands is entered, the changes are lost when the session is logged out.
For more information about these commands, see “Saving Changes to Secure Fabric OS
Policies” on page 56 and “Activating Changes to Secure Fabric OS Policies” on page 56.
For example, to create an API policy to allow anyone on the network with an IP address of
192.168.5.0 (where “0” can be any number) to establish an API connection to any switch in
the fabric:
primaryfcs:admin> secpolicycreate "API_POLICY", "192.168.5.0"
API_POLICY has been created.
TABLE 7 API Policy States

Policy State              Characteristics
No policy                 All workstations can establish an API connection to any switch in the fabric.
Policy with no entries    No host can establish an API connection to any switch in the fabric.
Policy with entries       Only specified hosts can establish an API connection to any switch in the fabric,
                          and write operations can only be performed on the primary FCS switch.
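
The member matching rule and the three states in Table 7 can be modelled offline to review a proposed member list before it is saved or activated. This is an added example, not code from the Brocade guide or from Fabric OS; the function names and the 256-address review threshold are assumptions, and only the connection allow-list is modelled, not the write restriction on the primary FCS switch.

```python
# Added illustration: models the rule as the guide states it, not Fabric OS code.
# All function names and the review threshold below are hypothetical.

def parse_members(member_list):
    """Split a "member;...;member" string into lists of four integer octets."""
    members = []
    for raw in member_list.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        parts = raw.split(".")
        if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
            raise ValueError(f"not a dot-decimal IP address: {raw!r}")
        members.append([int(p) for p in parts])
    return members


def member_matches(member, host):
    """A "0" octet in the member matches any number in that octet of the host."""
    return all(m == 0 or m == h for m, h in zip(member, host))


def api_connection_allowed(policy, host_ip):
    """policy: None = no policy, "" = policy with no entries, else a member list."""
    if policy is None:
        return True  # Table 7: with no policy, all workstations can connect
    host = parse_members(host_ip)[0]
    # An empty member list yields any([]) == False: no host can connect
    return any(member_matches(m, host) for m in parse_members(policy))


def addresses_admitted(member):
    """Number of addresses one member matches: 256 per wildcard ("0") octet."""
    return 256 ** member.count(0)


def audit(policy, max_addresses=256):
    """Return members that admit more than max_addresses (assumed threshold)."""
    return [".".join(map(str, m)) for m in parse_members(policy)
            if addresses_admitted(m) > max_addresses]


if __name__ == "__main__":
    proposed = "192.168.5.0;10.0.0.5"  # constructed sample member list
    print(api_connection_allowed(proposed, "192.168.5.77"))
    print(audit(proposed))
```

Under the rule as the guide states it, a member such as "10.0.0.5" (constructed sample) matches 65,536 addresses, because each "0" octet acts as a wildcard rather than as a literal zero.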