Manualshelf

Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

ManualsBrandsHP ManualsStorageBrocade 4Gb SAN Switch
61626364656667686970
50 Secure Fabric OS Administrator’s Guide
53-1000244-02
3
If neither of these commands is entered, the changes are lost when the session is logged out.
For more information about these commands, see “Saving Changes to Secure Fabric OS
Policies” on page 56 and Activating Changes to Secure Fabric OS Policies” on page 56.
For example, to create a SERIAL_POLICY that allows serial port access to a switch that has a
WWN of 12:24:45:10:0a:67:00:40:
primaryfcs:admin> secpolicycreate "SERIAL_POLICY", "12:24:45:10:0a:67:00:40"
SERIAL_POLICY has been created.
Front Panel Policy
The Front Panel policy can be used to restrict which switches can be accessed through the front
panel. This policy only applies to SilkWorm 2800 switches, since no other switches contain front
panels. The policy is named FRONTPANEL_POLICY and contains a list of switch WWNs, domain IDs,
or switch names for which front panel access is enabled. Table 11 displays the possible Front Panel
policy states.
To create a Front Panel policy
1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.
2. Type secPolicyCreate “FRONTPANEL_POLICY”, “member;...;member.
member is a switch WWN, domain ID, or switch name. If a domain ID or switch name is used to
specify a switch, the associated switch must be present in the fabric for the command to
succeed.
For example, to create a Front Panel policy to allow only domains 3 and 4 to use the front panel
primaryfcs:admin> secpolicycreate "FRONTPANEL_POLICY", "3; 4"
FRONTPANEL_POLICY has been created.
3. To save or activate the new policy, enter either the secPolicySave or the secPolicyActivate
command.
If neither of these commands is entered, the changes are lost when the session is logged out.
For more information about these commands, see “Saving Changes to Secure Fabric OS
Policies” on page 56 and Activating Changes to Secure Fabric OS Policies” on page 56.
CREATING AN OPTIONS POLICY
The Options policy can be used to prevent the use of node WWNs to add members to zones. This
policy is named OPTIONS_POLICY and has only one valid value, NoNodeWWNZoning”. Adding this
value to the policy prevents use of Node WWNs for WWN-based zoning.
The use of node WWNs can introduce ambiguity because the node WWN might also be used for
one of the device ports, as might be true with a host bus adapter (HBA). If the policy does not exist
or is empty, node WWNs can be used for WWN-based zoning. Only one Options policy can be
created. This policy cannot be used to control use of port WWNs for zoning.
TABLE 11 Front Panel Policy States
Policy State Characteristics
No policy All the switches in the fabric have front panel access enabled.
Policy with no entries All the switches in the fabric have front panel access disabled.
Policy with entries Only specified switches in the fabric have front panel access enabled.