Manualshelf

Users Guide

ManualsBrandsDell ManualsserversDell Brocade M6505
231232233234235236237238239240
Fabric OS Administrator’s Guide 231
53-1002920-02
Chapter
8
Configuring Security Policies
In this chapter
ACL policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
ACL policy management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
FCS policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Device Connection Control policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
SCC Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Authentication policy for fabric elements . . . . . . . . . . . . . . . . . . . . . . . . . . 243
IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Policy database distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Management interface security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
ACL policies overview
Each supported Access Control List (ACL) policy listed below is identified by a specific name, and
only one policy of each type can exist, except for DCC policies. Policy names are case-sensitive and
must be entered in all uppercase. Fabric OS provides the following policies:
Fabric configuration server (FCS) policy — Used to restrict which switches can change the
configuration of the fabric.
Device connection control (DCC) policies — Used to restrict which Fibre Channel device ports
can connect to which Fibre Channel switch ports.
Switch connection control (SCC) policy — Used to restrict which switches can join with a switch.
NOTE
Run all commands in this chapter by logging in to Administrative Domain (AD) 255 with the
suggested permissions. If Administrative Domains have not been implemented, log in to AD0.
How the ACL policies are stored
The policies are stored in a local database. The database contains the ACL policy types of FCS,
DCC, SCC, and IPFilter. The number of policies that may be defined is limited by the size of the
database. FCS, SCC and DCC policies are all stored in the same database.
The limit for security policy database size is set to 1Mb. The policies are grouped by state and type.
A policy can be in either of the following states:
Active, which means the policy is being enforced by the switch.
Defined, which means the policy has been set up but is not enforced.