Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)
Secure Fabric OS Administrator’s Guide 43
53-1000244-02
3
Specify policy members by IP address, device port WWN, switch WWN, domain IDs, or switch
names, depending on the policy. The valid methods for specifying policy members are listed in
Table 3.
NOTE
If IP addresses are used, “0” used for an octet indicates that any number can be matched for that
octet. For example, 192.168.11.0 allows access for all IP devices in the range 192.168.11.0 through
192.168.11.255. If domain IDs or switch names are used, the corresponding switches must be in
the fabric for the command to succeed.
CREATING A MAC POLICY
Use Management Access Control (MAC) policies to restrict the following management access to the
fabric:
• Access by hosts using SNMP, telnet/sectelnet/SSH, HTTP, API
• Access by device ports using SCSI Enclosure Services (SES) or management server
• Access through switch serial ports and front panels
The individual MAC policies and how to create them are described in the following sections. By
default, all MAC access is allowed; no MAC policies exist until they are created
TABLE 3 Valid Methods for Specifying Policy Members
Policy Name IP address Device Port
WWN
Switch WWN Domain IDs Switch
names
FCS_POLICY No No Yes Yes Yes
MAC Policies:
RSNMP_POLICY Yes No No No No
WSNMP_POLICY Yes No No No No
TELNET_POLICY Yes No No No No
HTTP_POLICY Yes No No No No
API_POLICY YesNoNoNoNo
SES_POLICY No Yes No No No
MS_POLICY No Yes No No No
SERIAL_POLICY No No Yes Yes Yes
FRONTPANEL_POLICY No No Yes Yes Yes
OPTIONS_POLICY For information about valid input, see “Creating an Options Policy” on
page 50.
DCC_POLICY_nnn No Yes Yes Yes Yes
SCC_POLICY No No Yes Yes Yes