Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

Default Fabric and Switch Accessibility
Following is the default fabric and switch access when secure mode is enabled but no additional
Secure Fabric OS policies have been created:
Switches:
- Only the primary FCS switch can be used to make Secure Fabric OS changes.
- Any SilkWorm or Brocade switch can join the fabric, provided it is connected to the fabric, is a
SilkWorm 2000-series switch or later, and meets the minimum Secure Fabric OS
requirements (such as Secure Fabric OS and Advanced Zoning licenses and digital
certificates).
- All switches in the fabric can be accessed through a serial port.
- All switches in the fabric that have front panels (SilkWorm 2000-series switches) can be
accessed through the front panel.
Computer hosts and workstations:
- Any host can access the fabric by using SNMP.
- Any host can access any switch in the fabric by using the CLI (such as by sectelnet or SSH).
- Any host can establish an HTTP connection to any switch in the fabric.
- Any host can establish an API connection to any switch in the fabric.
Devices:
- All device ports can access SES.
- All devices can access the management server.
- Any device can connect to any Fibre Channel port in the fabric.
Zoning: node WWNs can be used for WWN-based zoning.
Enabling Secure Mode
Secure mode is enabled and disabled on a fabric-wide basis. Secure mode can be enabled and
disabled as often as desired; however, all Secure Fabric OS policies, including the FCS policy, are
deleted each time secure mode is disabled, and they must be re-created the next time it is
enabled. The Secure Fabric OS database can be backed up using the configUpload command. For
more information about this command, see the Fabric OS Command Reference.
Secure mode is enabled using the secModeEnable command. This command must be entered
through a sectelnet, SSH, or serial connection to the switch designated as the primary FCS switch.
The command fails if any switch in the fabric is not capable of enforcing Secure Fabric OS policies.
If the primary FCS switch fails to participate in the fabric, the role of the primary FCS switch moves
to the next available switch listed in the FCS policy. See the Fabric OS Command Reference for
more information.
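A pre-flight check for the all-or-nothing behavior of secModeEnable and the FCS failover rule described above, as an added example that is not part of the Brocade guide. The Switch record, the inventory, and the function names are hypothetical, and the check assumes the requirements this page names are the complete list.

```python
from dataclasses import dataclass, field

# Requirements named on this page, treated here as the whole checklist (assumption).
REQUIRED_LICENSES = {"Secure Fabric OS", "Advanced Zoning"}
MIN_SERIES = 2000  # "SilkWorm 2000-series switch or later"; model number as a proxy


@dataclass
class Switch:  # hypothetical inventory record, not a Fabric OS structure
    name: str
    series: int
    licenses: set = field(default_factory=set)
    has_certificate: bool = False
    participating: bool = True


def blockers(sw):
    """Reasons this switch could not enforce Secure Fabric OS policies."""
    reasons = [f"missing license: {lic}" for lic in sorted(REQUIRED_LICENSES - sw.licenses)]
    if not sw.has_certificate:
        reasons.append("no digital certificate")
    if sw.series < MIN_SERIES:
        reasons.append(f"series {sw.series} predates {MIN_SERIES}-series")
    return reasons


def preflight(fabric):
    """All-or-nothing rule: any entry here means the enable would fail fabric-wide."""
    return {sw.name: r for sw in fabric if (r := blockers(sw))}


def primary_fcs(fabric, fcs_policy):
    """First switch, in FCS-policy order, that is participating in the fabric."""
    up = {sw.name for sw in fabric if sw.participating}
    return next((name for name in fcs_policy if name in up), None)


# Constructed sample inventory; names, models and values are made up.
FABRIC = [
    Switch("core1", 4100, set(REQUIRED_LICENSES), True),
    Switch("core2", 4100, set(REQUIRED_LICENSES), True),
    Switch("edge7", 3800, {"Advanced Zoning"}, True),
]
FCS_POLICY = ["core1", "core2"]

if __name__ == "__main__":
    print("blockers:", preflight(FABRIC))
    print("primary FCS:", primary_fcs(FABRIC, FCS_POLICY))
```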
NOTE
Proxy device access cannot be managed using a DCC policy in a secure fabric. Proxy devices are
always granted full access, even if the DCC policy has an entry that restricts the proxy device’s
access.
The secModeEnable command performs the following actions: