Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)

To create an Options policy:
1. Log in to the primary FCS switch as admin from a sectelnet or SSH session.
2. Type secPolicyCreate "OPTIONS_POLICY", "NoNodeWWNZoning".
3. To save or activate the new policy, enter either the secPolicySave or the secPolicyActivate
command.
If neither of these commands is entered, the changes are lost when the session is logged out. For
more information about these commands, see “Saving Changes to Secure Fabric OS Policies” on
page 3-26 and “Activating Changes to Secure Fabric OS Policies” on page 3-27.
4. To apply the change to current transactions, disable the switch then re-enable it by entering the
switchDisable and switchEnable commands. This stops any current traffic between devices that
are zoned using node names.
Creating a DCC Policy
Multiple DCC policies can be used to restrict which device ports can connect to which switch ports. The
devices can be initiators, targets, or intermediate devices such as SCSI routers and loop hubs. By
default, all device ports are allowed to connect to all switch ports; no DCC policies exist until they are
created by the administrator.
Each device port can be bound to one or more switch ports; the same device ports and switch ports
might be listed in multiple DCC policies. After a switch port is specified in a DCC policy, it permits
connections only from designated device ports. Device ports that are not specified in any DCC policies
are allowed to connect only to switch ports that are not specified in any DCC policies.
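The connection rule described above, as an added Python example (not from the Brocade guide and not Fabric OS code). The policy names, WWNs and switch ports are constructed; how multiple policies combine and what happens to a listed device port on an unlisted switch port are assumptions, marked in the comments.

```python
from typing import Dict, FrozenSet, Iterable, NamedTuple, Tuple

SwitchPort = Tuple[str, int]  # (switch name, port number), a constructed notation


class DccPolicy(NamedTuple):
    device_ports: FrozenSet[str]          # device port WWNs, lower-cased
    switch_ports: FrozenSet[SwitchPort]   # switch ports the policy specifies


def make_policy(wwns: Iterable[str], ports: Iterable[SwitchPort]) -> DccPolicy:
    return DccPolicy(frozenset(w.lower() for w in wwns), frozenset(ports))


def dcc_decision(policies: Dict[str, DccPolicy], device_wwn: str,
                 switch_port: SwitchPort) -> Tuple[bool, str]:
    """Return (allowed, reason) for a device port connecting to a switch port."""
    wwn = device_wwn.lower()
    covering = {n: p for n, p in policies.items() if switch_port in p.switch_ports}
    if covering:
        # A specified switch port permits only designated device ports.
        # Assumption: being designated in any one covering policy is enough.
        for name in sorted(covering):
            if wwn in covering[name].device_ports:
                return True, "designated in " + name
        return False, "switch port is specified; device port not designated"
    if any(wwn in p.device_ports for p in policies.values()):
        # Assumption: the text does not state this case; modelled as deny
        # because the device port is bound to other switch ports.
        return False, "device port is bound to other switch ports"
    # Neither side appears in any DCC policy: the default is to allow.
    return True, "neither port is specified in any DCC policy"


# Constructed sample policies; one device port appears in both.
HOST = "10:00:00:00:c9:00:00:01"
TAPE = "50:00:00:00:aa:00:00:02"
POLICIES = {
    "policy_host": make_policy([HOST], [("sw1", 3), ("sw1", 4)]),
    "policy_tape": make_policy([HOST, TAPE], [("sw2", 7)]),
}

if __name__ == "__main__":
    unlisted = "21:00:00:00:bb:00:00:09"
    for wwn, port in [(HOST, ("sw1", 3)), (TAPE, ("sw1", 3)),
                      (unlisted, ("sw1", 3)), (unlisted, ("sw1", 9))]:
        print(wwn, port, dcc_decision(POLICIES, wwn, port))
```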
Table 3-11 Options Policy States

Policy State              Characteristics
No policy                 Node WWNs can be used for WWN-based zoning.
Policy with no entries    Node WWNs can be used for WWN-based zoning.
Policy with entries       Node WWNs cannot be used for WWN-based zoning.

primaryfcs:admin> secpolicycreate "OPTIONS_POLICY", "NoNodeWWNZoning"
OPTIONS_POLICY has been created.
Note
Fabric OS v5.2.0 supports local DCC policies; however, the local DCC policies created in non-secure
mode cannot be used while in secure mode. Policies created in non-secure mode are deleted when secure
mode is enabled. Back up DCC policies before enabling secure mode.
Note
Some older private-loop HBAs do not respond to port login from the switch and are not enforced by the
DCC policy. However, this does not create a security problem because these HBAs cannot contact any
device outside of their immediate loop.