Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

SES Policy
The SES policy can be used to restrict which devices can be managed by SES commands. The
policy is named SES_POLICY and contains a list of device port WWNs that are allowed to access
SES and from which SES commands are accepted and acted upon.
If secure mode is enabled, the SES client must be directly attached to the primary FCS switch. Then
the SES client can be used to manage all the switches in the fabric through the SES product for
SilkWorm switches. Refer to the SES User’s Guide for more information.
The current SES implementation does not support the SES commands Read Buffer or Write Buffer
for remote switches. To direct these commands to a switch that is not the primary FCS switch,
designate that switch as the primary FCS switch and attach the SES client directly to it.
NOTE
Only Fabric OS v2.6.2 supports the SES policy.
Table 8 displays the possible SES policy states.
To create an SES policy
1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.
2. Type secPolicyCreate "SES_POLICY", "member;...;member".
member is a device port WWN.
3. To save or activate the new policy, enter either secPolicySave or secPolicyActivate.
If neither of these commands is entered, the changes are lost when the session is logged out.
For more information about these commands, see “Saving Changes to Secure Fabric OS
Policies” on page 56 and “Activating Changes to Secure Fabric OS Policies” on page 56.
For example, to create an SES_POLICY that allows access through a device that has a WWN of
12:24:45:10:0a:67:00:40:
primaryfcs:admin> secpolicycreate "SES_POLICY", "12:24:45:10:0a:67:00:40"
SES_POLICY has been created.
Management Server Policy
The Management Server policy can be used to restrict which devices can be accessed by the
management server. Fabric configuration and control functions can be performed only by
requesters that are directly connected to the primary FCS switch. The policy is named MS_POLICY
and contains a list of device port WWNs for which the management server implementation in
Fabric OS (designed according to FC-GS-3 standard) accepts and acts on requests.
TABLE 8 SES Policy States

Policy State              Characteristics
No policy                 All device ports can access SES.
Policy with no entries    No device port can access SES.
Policy with entries       The specified devices can access SES.
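
The following Python example is added here and is not part of the Brocade guide. It models the three SES_POLICY states from Table 8 and builds the secPolicyCreate line from a reviewed WWN list, so an administrator can check who would be admitted before saving or activating the policy. The function names, the lower-casing of WWNs, and the eight-octet WWN pattern (taken from the guide's own example) are assumptions of this example.

```python
import re

# Assumption: a device port WWN is eight colon-separated hex octets,
# matching the form of the example WWN shown in the guide.
WWN_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){7}$")


def normalize_wwn(wwn):
    """Lower-case (an assumption of this example) and validate a WWN."""
    w = wwn.strip().lower()
    if not WWN_RE.match(w):
        raise ValueError("malformed WWN: %r" % wwn)
    return w


def build_create_command(members):
    """Return the secPolicyCreate line for SES_POLICY from a list of WWNs."""
    if not members:
        # The guide does not show the syntax for an empty member list,
        # so this example refuses to guess it.
        raise ValueError("at least one member WWN is required")
    unique = []
    for m in members:
        w = normalize_wwn(m)
        if w not in unique:  # drop duplicates while keeping order
            unique.append(w)
    return 'secpolicycreate "SES_POLICY", "%s"' % ";".join(unique)


def ses_access_allowed(policy, device_wwn):
    """Evaluate the policy states listed in Table 8.

    policy is None     -> no policy: all device ports can access SES
    policy is empty    -> policy with no entries: no device port can access SES
    policy has members -> only the specified devices can access SES
    """
    if policy is None:
        return True
    allowed = {normalize_wwn(m) for m in policy}
    return normalize_wwn(device_wwn) in allowed


if __name__ == "__main__":
    listed = "12:24:45:10:0a:67:00:40"    # WWN from the guide's example
    unlisted = "10:00:00:00:c9:00:00:01"  # constructed sample value
    print(build_create_command([listed]))
    for policy in (None, [], [listed]):
        print(policy, ses_access_allowed(policy, unlisted))
```

Note the difference between an absent policy and an empty one: the first admits every device port, the second admits none.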