Manualshelf

Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)

ManualsBrandsHP ManualsComputer AccessoriesHP StorageWorks 2/8-EL 2/16 w/V3.1 Document Kit
61626364656667686970
3-20 Secure Fabric OS Administrator’s Guide
Publication Number: 53-1000244-01
3
Front Panel Policy
The Front Panel policy can be used to restrict which switches can be accessed through the front panel.
This policy only applies to SilkWorm 2800 switches, since no other switches contain front panels. The
policy is named FRONTPANEL_POLICY and contains a list of switch WWNs, domain IDs, or switch
names for which front panel access is enabled. Table 3-10 displays the possible Front Panel policy
states.
To create a Front Panel policy
1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.
2. Type secPolicyCreate “FRONTPANEL_POLICY”, “member;...;member.
member is a switch WWN, domain ID, or switch name. If a domain ID or switch name is used to
specify a switch, the associated switch must be present in the fabric for the command to succeed.
For example, to create a Front Panel policy to allow only domains 3 and 4 to use the front panel:
3. To save or activate the new policy, enter either the secPolicySave or the secPolicyActivate
command.
If neither of these commands is entered, the changes are lost when the session is logged out. For
more information about these commands, see “Saving Changes to Secure Fabric OS Policies” on
page 3-26 and “Activating Changes to Secure Fabric OS Policies” on page 3-27.
Creating an Options Policy
The Options policy can be used to prevent the use of node WWNs to add members to zones. This policy
is named OPTIONS_POLICY and has only one valid value, NoNodeWWNZoning”. Adding this
value to the policy prevents use of Node WWNs for WWN-based zoning.
The use of node WWNs can introduce ambiguity because the node WWN might also be used for one of
the device ports, as might be true with a host bus adapter (HBA). If the policy does not exist or is empty,
node WWNs can be used for WWN-based zoning. Only one Options policy can be created. This policy
cannot be used to control use of port WWNs for zoning.
By default, use of node WWNs is allowed; the Options policy does not exist until it is created by the
administrator. Table 3-11 displays the possible Options policy states.
Table 3-10 Front Panel Policy States
Policy State Characteristics
No policy All the switches in the fabric have front panel access enabled.
Policy with no entries All the switches in the fabric have front panel access disabled.
Policy with entries Only specified switches in the fabric have front panel access enabled.
primaryfcs:admin> secpolicycreate "FRONTPANEL_POLICY", "3; 4"
FRONTPANEL_POLICY has been created.