Reference Guide

ManualsBrandsDell ManualsAccess PlatformsBrocade G620

221

222

223

224

225

226

227

228

229

230

TABLE 44 DCC policy behavior when created manually with PWWN (continued)

Configuration WWN seen on DCC policy list Behavior when DCC policy

activates

Behavior on portDisable and

portEnable

∙ FA-PWWN has logged

into the switch.

SCC Policies

The switch connection control (SCC) policy is used to restrict which switches can join the fabric. Switches are checked against the policy

each time an E_Port-to-E_Port connection is made. The policy is named SCC_POLICY and accepts members listed as WWNs, domain

IDs, or switch names. Only one SCC policy can be created.

By default, any switch is allowed to join the fabric; the SCC policy does not exist until it is created. When connecting a Fibre Channel

router to a fabric or switch that has an active SCC policy, the front domain of the Fibre Channel router must be included in the SCC

policy.

SCC policy states are shown in Table 45.

TABLE 45 SCC policy states

Policy state SCC policy enforcement

No active policy All switches can connect to the switch with the specified policy.

Active policy that has no members All neighboring switches are segmented.

Active policy that has members The neighboring switches not specified in the SCC policy are segmented.

Virtual Fabrics considerations for SCC policies

In a logical fabric environment the SCC policy enforcement is not done on the logical ISL. For a logical ISL-based switch, the SCC policy

enforcement is considered as the reference and the logical ISL is formed if the SCC enforcement passes on the extended ISL. The

following changes:

∙ A logical switch supports an SCC policy. You can configure and distribute an SCC policy on a logical switch.

∙ SCC enforcement is performed on a ISL based on the SCC policy present on the logical switch.

For more information on Virtual Fabrics, refer to Managing Virtual Fabrics on page 267.

Creating an SCC policy

1. Connect to the switch and log in using an account with admin permissions, or an account with OM permissions for the Security

RBAC class of commands.

2. Enter the secPolicyCreate "SCC_POLICY" command.

3. Save or activate the new policy by entering either the secPolicySave or the secPolicyActivate command.

If neither of these commands is entered, the changes are lost when the session is logged out.

Example of creating an SCC policy

For example, to create an SCC policy that allows switches that have domain IDs 2 and 4 to join the fabric:

switch:admin> secpolicycreate "SCC_POLICY", "2;4"

SCC_POLICY has been created

switch:admin> secpolicysave

Configuring Security Policies

Brocade Fabric OS Administration Guide, 8.0.1

226 53-1004111-02