Administrators Guide (Supporting Fabric OS v7.3.0) Manual

Configuring Standard Security Features
User-defined accounts
User-defined roles
Access control list policy configuration
Fabric-Wide Consistency Policy configuration
Authentication policy configuration
SNMP configuration
RADIUS management
Active Directory service management
TACACS+ management
IPsec concepts
IPsec over management ports
Establishing authentication policies for HBAs

User-defined accounts
In addition to the default accounts--root, factory, admin, and user--Fabric OS v7.0.0 and later support up
to 256 user-defined accounts in each logical switch (domain). These accounts expand your ability to
track account access and audit administrative activities.
When the Virtual Fabrics capability is enabled, each user-defined account is associated with the
following:
- Virtual Fabric ID--Specifies the accessible Virtual Fabrics for a user account.
- Home Virtual Fabric--Specifies the default Virtual Fabric for a user account.
- Role--Determines functional access levels within the Virtual Fabric.
When the Admin Domain capability is enabled, each user-defined account is associated with the
following:
- Admin Domain list--Specifies the accessible Admin Domains for a user account.
- Home Admin Domain--Specifies the default Admin Domain for a user account. The home Admin Domain must be a member of the user’s Admin Domain list.
- Role--Determines functional access levels within the bounds of the user’s current Admin Domain.
NOTE
Virtual Fabrics and Admin Domains are mutually exclusive.
Access rights for any user session are determined by the user’s role-based access rights. Refer to
Introducing Web Tools on page 19 for additional information about Role-Based Access Control (RBAC).
The User tab of the Switch Administration window (Figure 38 on page 199) displays account
information. You can create and manage accounts depending on your role. The roles and permissions
are listed in the following table.
Web Tools Administrator's Guide
53-1003169-01