Deployment Guide

ManualsBrandsDell ManualsserversDell Brocade 6520

231

232

233

234

235

236

237

238

239

240

NOTE

Any RPC ports that were allowed in Fabric OS versions earlier than 7.2.0 are removed and ignored in

Fabric OS 7.2.0 and later.

Virtual Fabrics considerations : To distribute the IP Filter policy in a logical fabric, use the

chassisDistribute command.

Policy database distribution

Fabric OS lets you manage and enforce the ACL policy database on either a per-switch or fabric-wide

basis. The local switch distribution setting and the fabric-wide consistency policy affect the switch ACL

policy database and related distribution behavior.

The ACL policy database is managed as follows:

• Switch database distribution setting -- Controls whether or not the switch accepts or rejects

databases distributed from other switches in the fabric. The distribute command sends the

database from one switch to another, overwriting the target switch database with the distributed

one. To send or receive a database the setting must be accept. For configuration instructions, refer

to .

Virtual Fabric considerations: FCS, DCC, SCC, and AUTH databases can be distributed using the -

distribute command, but the PWD and IPFILTER databases are blocked from distribution.

• Manually distribute an ACL policy database -- Use the distribute command to push the local

database of the specified policy type to target switches. Refer to ACL policy distribution to other

switches on page 240.

• Fabric-wide consistency policy -- Use this policy to ensure that switches in the fabric enforce the

same policies. Set a strict or tolerant fabric-wide consistency policy for each ACL policy type to

automatically distribute that database when a policy change is activated. If a fabric-wide

consistency policy is not set, then the policies are managed on a per-switch basis. For configuration

instructions, refer to Fabric-wide enforcement on page 241.

Virtual Fabric considerations: Fabric-wide consistency policies are configured on a per-logical

switch basis and are applied to the fabrics connected to the logical switches. Automatic policy

distribution behavior for DCC, SCC, and FCS is the same as that of pre-v6.2.0 releases and are

configured on a per-logical switch basis.

The following table explains how the local database distribution settings and the fabric-wide

consistency policy affect the local database when the switch is the target of a distribute command.

Interaction between fabric-wide consistency policy and distribution settings TABLE 50

Distribution

setting

Fabric-wide consistency policy

Absent (default) Tolerant Strict

Reject Database is protected, it cannot

be overwritten.

May not match other databases

in the fabric.

Invalid configuration.

An error is returned indicating that the distribution setting must be Accept before you can set the fabric-wide consistency policy.

Policy database distribution

238 Fabric OS Administrators Guide

53-1003130-01