Manualshelf

Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

ManualsBrandsHP ManualsSoftwareHP StorageWorks ISL quick loop
371372373374375376377378379380
336 Fabric OS Administrator’s Guide
53-1002148-02
Configuration upload and download considerations for FA-PWWN
16
Configuration upload and download considerations for FA-PWWN
The configuration upload and download utilities can be used to import and export the FA-PWWN
configuration.
ATTENTION
Brocade recommends you delete all FA-PWWNs from the switch whose configuration is being
replaced before you upload or download a modified configuration. This is to ensure no duplicate
FA-PWWNs in the fabric.
Firmware upgrade and downgrade considerations for FA-PWWN
Firmware downgrade is blocked if the FA-PWWN feature is enabled on the switch. All FA-PWWN
configurations are lost if firmware is downgraded, followed by an upgrade back to Fabric OS 7.0.0.
This is done to ensure that the FA-PWWN configurations are not tampered when the switch is
running an earlier version of the firmware.
You must also consider zone configuration, security configuration, and target ACLs when
downgrading from Fabric OS 7.0.0 because if any of these (zone, security, and target ACLs) have
FA-PWWNs configured, the SAN network might not function properly, or at all.
Security considerations for FA-PWWN
The FA-PWWN feature can be enabled only by authorized administrators. Thus, existing user-level
authentication and authorization mechanisms should be used to ensure only authorized users can
configure this feature.
If you are concerned about security for FA-PWWN, you should configure device authentication. You
can use authentication at the device level to ensure security between the switch and the server.
Refer to “Device authentication policy” on page 148 for information about configuring device
authentication.
You can also use the Device Connection Control (DCC) policy to ensure that only an authorized
physical server can connect to a specific switch port.
NOTE
When creating the DCC policy, use the physical device WWN and not the FA-PWWN.
If you use DCC, a policy check is done on the physical PWWN on the servers. In the case of an HBA,
the FA-PWWN is assigned to the HBA only after the DCC check is successful.
Refer to “DCC policy behavior with Fabric Assigned PWWNs” on page 143 for additional
information.