Reference Guide

ManualsBrandsDell ManualsAccess PlatformsBrocade G620

241

242

243

244

245

246

247

248

249

250

Disabling local switch protection

1. Connect to the switch and log in using an account with admin permissions, or an account with OM permissions for the

FabricDistribution RBAC class of commands.

2. Enter the fddCfg --localaccept command.

ACL policy distribution to other switches

This section explains how to manually distribute local ACL policy databases. The distribute command has the following dependencies:

∙ All target switches must be running Fabric OS v6.2.0 or later.

∙ All target switches must accept the database distribution (refer to Database distribution settings on page 243).

∙ The fabric must have a tolerant or no (absent) fabric-wide consistency policy (refer to Fabric-wide enforcement on page 244).

If the fabric-wide consistency policy for a database is strict, the database cannot be manually distributed. When you set a strict fabric-

wide consistency policy for a database, the distribution mechanism is automatically invoked whenever the database changes.

∙ The local distribution setting must be accepted. To be able to initiate the distribute command, set the local distribution to

Accept.

Distributing the local ACL policies

1. Connect to the switch and log in using an account with admin permissions, or an account with OM permissions for the

FabricDistribution RBAC class of commands.

2. Enter the distribute -p command.

Fabric-wide enforcement

The fabric-wide consistency policy enforcement setting determines the distribution behavior when changes to a policy are activated.

Using the tolerant or strict fabric-wide consistency policy ensures that changes to local ACL policy databases are automatically

distributed to other switches in the fabric.

NOTE

To completely remove all fabric-wide policy enforcement from a fabric, enter the fddCfg --fabwideset "" command.

When you set the fabric-wide consistency policy using the fddCfg command with the --fabwideset

database_id

option, both the fabric-

wide consistency policy and specified database are distributed to the fabric.The active policies of the specified databases overwrite the

corresponding active and defined policies on the target switches.

Policy changes that are saved but not activated are stored locally until a policy database change is activated. Activating a policy

automatically distributes the Active policy set for that policy type (SCC, DCC, FCS, or any combination of the three) to the other switches

in the fabric.

NOTE

Starting with Fabric OS 7.3.0, FC routers can join a fabric with a strict fabric-wide consistency policy. FC routers do support the

fabric-wide consistency policies.

The following table describes the fabric-wide consistency settings.

TABLE 51

Fabric-wide consistency policy settings

Setting Value When a policy is activated

Absent null Database is not automatically distributed to

other switches in the fabric.

Configuring Security Policies

Brocade Fabric OS Administration Guide, 8.0.1

244 53-1004111-02