Users Guide

ManualsBrandsDell ManualsComputer equipmentBrocade M5424

251

252

253

254

255

256

257

258

259

260

Fabric OS Administrator’s Guide 253

53-1002920-02

IP Filter policy

1. Log in to the switch using an account with admin permissions, or an account associated with

the chassis role and having OM permissions for the PKI RBAC class of commands.

2. Enter the secCertUtil import –fcapswcert command.

switch:admin> seccertutil import -fcapswcert

Select protocol [ftp or scp]: scp

Enter IP address: 10.1.2.3

Enter remote directory: /myHome/jdoe/OPENSSL

Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk"

suffix):01.pem

Enter Login Name: jdoe

jdoe@10.1.2.3's password: <hidden text>

Success: imported certificate [01.pem].

Starting FCAP authentication

1. Log in to the switch using an account with admin permissions, or an account with OM

permissions for the Authentication RBAC class of commands.

2. Enter the authUtil

--authinit command to start the authentication using the newly imported

certificates. (This command is not supported in Access Gateway mode.)

3. Enter the authUtil

--policy -sw command and select active or on, the default is passive. This

makes the changes permanent and forces the switch to request authentication. (For Access

Gateway mode, the defaults for sw policy and dev policy are off, and there is no passive option

for sw policy.)

NOTE

This authentication-policy change does not affect online EX_Ports.

Fabric-wide distribution of the authorization policy

The AUTH policy can be manually distributed to the fabric by command; there is no support for

automatic distribution. To distribute the AUTH policy, see “Distributing the local ACL policies” on

page 263 for instructions.

Local Switch configuration parameters are needed to control whether a switch accepts or rejects

distributions of the AUTH policy using the distribute command and whether the switch may initiate

distribution of the policy. To set the local switch configuration parameter, refer to “Policy database

distribution” on page 260.

NOTE

This is not supported for Access Gateway mode.

IP Filter policy

The IP Filter policy is a set of rules applied to the IP management interfaces as a packet filtering

firewall. The firewall permits or denies the traffic to go through the IP management interfaces

according to the policy rules.