Concept Guide
Dell 8/4Gbps FC SAN Module Administrator’s Guide
53-1001345-01
FC SAN Module policy enforcement matrix
The following table shows which combinations of policies can co-exist with each other.
Advanced Device Security policy
The Advanced Device Security (ADS) policy is disabled by default for the FC SAN Module. ADS is a
security policy that restricts access to the fabric to a set of authorized devices. Unauthorized
access is rejected and the system logs a RASLOG message. You can configure the list of allowed
devices for each internal port (F_Port) by specifying their Port WWN (PWWN). The ADS policy secures
virtual and physical connections to the SAN.
How the ADS policy works
When you enable this policy, it applies to all internal ports (F_Ports) on the FC SAN Module. By
default, all devices have access to the fabric on all ports. You can restrict fabric connectivity to
a particular set of devices: the FC SAN Module maintains a per-port allow list of the devices,
identified by PWWN, that you permit to log in through an internal port. You can view the devices
with active connections to an internal port using the ag --show command.
NOTE
The ag --show command only displays the Core FC SAN Module, such as the modules that are
directly connected to fabric. The agshow --name name command displays the internal ports of both
the Core and Edge modules.
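A pre-enablement check for the allow-list behaviour described above, as an added example that is not taken from the guide: this Python sketch models the per-port decision and lists logged-in devices that would be rejected once ADS is enforced. The function names, data layout and PWWN values are constructed for illustration, and it assumes a port with no defined list keeps the default all-access behaviour.

```python
import re

_PWWN_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){7}$")

def normalize_pwwn(pwwn):
    """Return a Port WWN as lowercase colon-separated hex, or raise ValueError."""
    text = pwwn.strip().lower().replace("-", ":")
    if re.fullmatch(r"[0-9a-f]{16}", text):  # bare 16-hex-digit form
        text = ":".join(text[i:i + 2] for i in range(0, 16, 2))
    if not _PWWN_RE.match(text):
        raise ValueError(f"not a valid PWWN: {pwwn!r}")
    return text

def login_allowed(ads_enabled, allow_lists, port, pwwn):
    """Model of the login decision (hypothetical helper, not module firmware)."""
    if not ads_enabled:
        return True   # policy disabled: no restriction applies
    if port not in allow_lists:
        return True   # assumption: no list defined means default all access
    allowed = {normalize_pwwn(w) for w in allow_lists[port]}
    return normalize_pwwn(pwwn) in allowed  # an empty list admits no device

def audit_logins(allow_lists, observed):
    """Return (port, pwwn) pairs that would be rejected with ADS enabled."""
    return [(port, normalize_pwwn(pwwn)) for port, pwwn in observed
            if not login_allowed(True, allow_lists, port, pwwn)]

# Constructed sample data: planned per-port allow lists and the devices
# currently logged in (as an administrator might transcribe from ag --show).
PLANNED = {
    1: ["10:00:00:00:C9:AA:BB:01"],
    2: ["10:00:00:00:c9:aa:bb:02", "10:00:00:00:c9:aa:bb:03"],
}
OBSERVED = [
    (1, "10000000c9aabb01"),         # same device, different notation
    (2, "10:00:00:00:c9:aa:bb:04"),  # not on port 2's list
    (3, "10:00:00:00:c9:aa:bb:05"),  # port 3 has no list defined
]

if __name__ == "__main__":
    for port, pwwn in audit_logins(PLANNED, OBSERVED):
        print(f"port {port}: {pwwn} would be rejected")
```

Running the audit before the planned lists are applied shows which active devices would lose fabric access, and which ports remain open because no list was defined for them.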
Enabling and disabling the Advanced Device Security policy
By default, the ADS policy is disabled. When you manually disable the ADS policy, all of the allow
lists (global and per-port) are cleared. Before disabling the ADS policy, you should save the
configuration using the configupload command in case you need this configuration again.
1. Connect to the FC SAN Module and log in using an account assigned to the admin role.
2. Enter the ag --policyenable ads command to enable the ADS policy.
switch:admin> ag --policyenable ads
The policy ADS is enabled
3. Enter the ag --policydisable ads command to disable the ADS policy.
switch:admin> ag --policydisable ads
The policy ADS is disabled
TABLE 4 Policy enforcement matrix
Policies                  Auto Port Configuration   Port Grouping     ADS Policy
Auto Port Configuration   N/A                       Cannot co-exist   Can co-exist
N_Port Grouping           Mutually exclusive        N/A               Can co-exist
ADS Policy                Can co-exist              Can co-exist      N/A