Manualshelf

Reference Guide

ManualsBrandsDell ManualsAccess PlatformsBrocade G620
21222324252627282930
Brocade Fabric OS Command Reference 3
53-1004112-02
Understanding Virtual Fabric restrictions
Understanding Virtual Fabric restrictions
All Fabric OS commands are subject to additional RBAC enforcement with regard to Virtual Fabric contexts and switch types. Commands
can be executed in one or more of the contexts described in Table 2. Execution of chassis commands requires chassis permissions.
Switch commands are further defined by the switch type restrictions as described in Table 3. Switch type restrictions are not applicable to
commands that require chassis permissions.
In a Virtual Fabric environment where contexts are enforced, the following Virtual Fabric restrictions apply to the RBAC permissions
specified in Table 1. Refer to the userConfig command for more information on configuring user account access permissions in a Virtual
Fabric environment.
Any given role is allowed to execute all switch commands to which the role is authorized in the account’s home context. The
default home context is the default logical fabric FID 128.
You can change an account’s home context to a specified FID and configure the account permissions to access additional
logical switches specified in the user’s Fabric ID list.
Accounts with user or admin permissions can be granted chassis permissions. A user account with the chassis role can execute
chassis-level commands at the user RBAC access level. An admin account with the chassis role can execute chassis-level
commands at the admin RBAC access level.
Use the classConfig --showcli command to look up the Virtual Fabrics context for a specified command. Refer to “Command Availability”
for a complete listing of Virtual Fabric restrictions that apply to the commands included in this manual.
Determining RBAC permissions for a specific command
To determine RBAC permission for a specific command, use the classconfig command.
1. Enter the classconfig --showcli command for a specified command.
The command displays the RBAC class and access permissions for each of the command options. Note that options for a single
command option can belong to different classes.
2. Enter the classconfig --showroles command and specify the RBAC class of the command option you want to look up.
The command displays the default roles and the permissions they have to access commands in the specified RBAC class.
TABLE 2 Virtual Fabric contexts
Context type Definition
Switch context Command applies to the current logical switch only, or to a specified logical switch.
Chassis context Command applies to the chassis on which it is executed.
Switch and chassis context Command can be executed in a logical switch context or in a chassis context.
Disallowed Command is not supported in Virtual Fabric mode.
TABLE 3 Switch types
Switch type Definition
All Switches Command can be executed in any switch context.
Base Switch Only Command can be executed only on the base switch.
Default Switch Only Command can be executed only on the default switch.
N/A Command is a chassis command or not supported in Virtual Fabric mode.