Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

CAUTION

An empty MAC policy blocks all access through that management channel. When creating policies, ensure that all desired members are added to each policy.

Providing fabric access to proxy servers is strongly discouraged. When a proxy server is included in a MAC policy for IP-based management, such as the HTTP_POLICY, all IP packets leaving the proxy server appear to originate from the proxy server. This could result in allowing any hosts that have access to the proxy server to access the fabric.

Serial, Telnet, and API violations that occur on the standby CP of a chassis-based platform do not display on the active CP. Also, during an HA failover, security violation counters and events are not propagated from the former active CP to the current active CP.

Creating an SNMP Policy

Read and write SNMP policies can be used to specify which SNMP hosts are allowed read and write access to the fabric:

RSNMP_POLICY (read access)
    Only the specified SNMP hosts can perform read operations to the fabric.

WSNMP_POLICY (write access)
    Only the specified SNMP hosts can perform write operations to the fabric.

The SNMP hosts must be identified by IP address.

Any host granted write permission by the WSNMP policy is automatically granted read permission by the RSNMP policy.

See “To create an SNMP policy” on page 45.

Table 4 lists the expected read and write behaviors resulting from combinations of the RSNMP and
WSNMP policies.

TABLE 4  Read and Write Behaviors of SNMP Policies

RSNMP Policy      WSNMP Policy      Read Result         Write Result
----------------  ----------------  ------------------  ------------------
Nonexistent       Nonexistent       Any host can read   Any host can write
Nonexistent       Empty             Any host can read   No host can write
Nonexistent       Host B in policy  Any host can read   Only B can write
Empty             Nonexistent       This combination is not supported. If the WSNMP policy is not defined, the RSNMP policy cannot be created.
Empty             Empty             No host can read    No host can write
Empty             Host B in policy  Only B can read     Only B can write
Host A in policy  Nonexistent       This combination is not supported. If the WSNMP policy is not defined, the RSNMP policy cannot be created.
Host A in policy  Empty             Only A can read     No host can write
Host A in policy  Host B in policy  A and B can read    Only B can write
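
The rules behind Table 4 can be modeled in a few lines to check a planned policy pair before it is applied. This is an added example, not code from the Brocade guide or from Fabric OS. The function names, the use of None for a nonexistent policy, and the sample addresses are assumptions made for illustration.

```python
from ipaddress import ip_address

# Assumption of this model: None is a nonexistent policy, an empty set is an
# empty policy, and a non-empty set lists the member host IP addresses.
def _members(policy):
    return None if policy is None else frozenset(ip_address(m) for m in policy)

def snmp_access(rsnmp, wsnmp, host):
    """Return (can_read, can_write) for host, following Table 4."""
    r, w = _members(rsnmp), _members(wsnmp)
    if r is not None and w is None:
        raise ValueError("unsupported: RSNMP policy cannot exist without a WSNMP policy")
    h = ip_address(host)
    # A nonexistent policy allows any host; an existing one allows members only.
    can_write = w is None or h in w
    # Any host granted write by WSNMP is automatically granted read.
    can_read = r is None or h in r or h in w
    return can_read, can_write

def review(rsnmp, wsnmp):
    """List the outcomes an administrator should confirm are intended."""
    r, w = _members(rsnmp), _members(wsnmp)
    if r is not None and w is None:
        return ["unsupported combination: define WSNMP_POLICY before RSNMP_POLICY"]
    notes = []
    if r is None:
        notes.append("RSNMP_POLICY nonexistent: any host can read")
    if w is None:
        notes.append("WSNMP_POLICY nonexistent: any host can write")
    elif not w:
        notes.append("WSNMP_POLICY empty: no host can write")
    if r is not None and not (r | w):
        notes.append("RSNMP_POLICY and WSNMP_POLICY empty: no host can read")
    return notes

if __name__ == "__main__":
    # Constructed sample addresses (documentation range), not from the guide.
    A, B, OTHER = "192.0.2.10", "192.0.2.20", "192.0.2.99"
    for r, w in [(None, None), (None, set()), (set(), {B}), ({A}, set()), ({A}, {B})]:
        access = {h: snmp_access(r, w, h) for h in (A, B, OTHER)}
        print(r, w, access, review(r, w))
```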