Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)
166 Fabric OS Administrator’s Guide
53-1002148-02
Policy database distribution
7
Setting the fabric-wide consistency policy
1. Connect to the switch and log in using an account with admin permissions, or an account with
OM permissions for the FabricDistribution RBAC class of commands.
2. Enter the fddCfg
--fabwideset command.
Example shows how to set a strict SCC and tolerant DCC fabric-wide consistency policy.
switch:admin> fddcfg --fabwideset "SCC:S;DCC"
switch:admin> fddcfg --showall
Local Switch Configuration for all Databases:-
DATABASE - Accept/Reject
---------------------------------
SCC - accept
DCC - accept
PWD - accept
FCS - accept
AUTH - accept
IPFILTER - accept
Fabric Wide Consistency Policy:- "SCC:S;DCC"
Notes on joining a switch to the fabric
When a switch is joined to a fabric with a tolerant SCC, DCC, or FCS fabric-wide consistency policy,
the joining switch must have a matching tolerant SCC, DCC, or FCS fabric-wide consistency policy. If
the tolerant SCC, DCC, or FCS fabric-wide consistency policies do not match, the switch can join the
fabric, but an error message flags the mismatch. If the tolerant SCC, DCC, and FCS fabric-wide
consistency policies match, the corresponding SCC, DCC, and FCS ACL policies are compared.
The enforcement of fabric-wide consistency policy involves comparison of only the Active policy set.
If the ACL policies match, the switch joins the fabric successfully. If the ACL policies are absent on
the switch or on the fabric, the switch joins the fabric successfully, and the ACL policies are copied
automatically from where they exist to where they are absent. The Active policies set where they
exist and overwrite the Active and Defined policies where they are absent. If the ACL policies do not
match, the switch can join the fabric, but an error message flags the mismatch.
Under both conflicting conditions, secPolicyActivate is blocked in the merged fabric. Use the
fddCfg
--fabwideset command to resolve the fabric-wide consistency policy conflicts. Use the
distribute command to explicitly resolve conflicting ACL policies.
When a switch is joined to a fabric with any strict fabric-wide consistency policy, the joining switch
must have a matching fabric-wide consistency policy. If the fabric-wide consistency policies do not
match, the switch cannot join the fabric and the neighboring E_Ports are disabled. If the fabric-wide
consistency policies match, the corresponding SCC, DCC, and FCS ACL policies are compared.
The enforcement of fabric-wide consistency policy involves comparison of only the Active policy set.
If the ACL polices match, the switch joins the fabric successfully. If the ACL policies are absent
either on the switch or on the fabric, the switch joins the fabric successfully, and the ACL policies
are copied automatically from where they are present to where they are absent. The Active policy
set where it is present overwrites the Active and Defined policy set where it is absent. If the ACL
policies do not match, the switch cannot join the fabric and the neighboring E_Ports are disabled.