Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

CREATING AN SCC POLICY
CAUTION
Fabric OS v5.2.0 supports local SCC policies; however, local SCC policies created in non-secure
mode cannot be used while in secure mode. Policies created in non-secure mode are deleted when
secure mode is enabled. Back up SCC policies before enabling secure mode.
The SCC policy is used to restrict which switches can join the fabric. Switches are checked against
the policy each time secure mode is enabled, the fabric is initialized with secure mode enabled, or
an E_Port-to-E_Port connection is made.
The policy is named SCC_POLICY and accepts members listed as WWNs, domain IDs, or switch
names. Only one SCC policy may be created.
By default, any switch is allowed to join the fabric; the SCC policy does not exist until it is created by
the administrator.
CAUTION
When an SCC policy is activated, any non-FCS switches in the fabric that are not included in the
policy member list will segment from the fabric.
An SCC policy is required if FICON is enabled.
When connecting a Fibre Channel router to a secure fabric that has an active SCC policy, the front
domain of the Fibre Channel router must be included in the SCC policy.
The possible SCC policy states are shown in Table 14.
To create an SCC policy
1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.
2. Type secPolicyCreate "SCC_POLICY", "member;...;member".
member indicates a switch that is permitted to join the fabric. Specify switches by WWN,
domain ID, or switch name. Enter an asterisk (*) to indicate all the switches in the fabric.
For example, to create an SCC policy that allows switches that have domain IDs 2 and 4 to join
the fabric:
primaryfcs:admin> secpolicycreate "SCC_POLICY", "2;4"
SCC_POLICY has been created
3. To save or activate the new policy, enter either the secPolicySave or the secPolicyActivate
command.
TABLE 14 SCC Policy States
Policy State | SCC Policy Enforcement
No policy specified | All switches may join the fabric.
Policy specified, but with no members | The SCC policy includes all FCS switches. All non-FCS switches are excluded. Only FCS switches may join the fabric.
Policy specified, with members | The SCC policy contains all FCS switches and any switches specified in the member list. Any non-FCS switches not explicitly specified are excluded. Only FCS switches and explicitly specified non-FCS switches may join the fabric.
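
The following is an added example, not part of the original guide and not Brocade code: a pre-activation check that applies the Table 14 rules to a switch inventory and lists the switches that would segment under a proposed member list. The Switch record, the function names, and the inventory values are assumptions constructed for illustration.

```python
# Added example: models the Table 14 enforcement rules offline.
# It does not talk to a switch; the inventory below is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Switch:
    wwn: str
    domain_id: int
    name: str
    is_fcs: bool = False


def parse_members(member_list):
    """Split a "member;...;member" string into normalized tokens."""
    return {m.strip().lower() for m in member_list.split(";") if m.strip()}


def is_permitted(switch, members):
    """Apply Table 14. members=None means no SCC policy has been created."""
    if members is None:   # no policy specified: all switches may join
        return True
    if switch.is_fcs:     # FCS switches are always part of the policy
        return True
    if "*" in members:    # asterisk: all switches in the (evaluated) fabric
        return True
    # A member may be given as a WWN, a domain ID, or a switch name.
    ids = {switch.wwn.lower(), str(switch.domain_id), switch.name.lower()}
    return bool(ids & members)


def would_segment(fabric, member_list):
    """Names of switches that would segment if the policy were activated."""
    members = None if member_list is None else parse_members(member_list)
    return [s.name for s in fabric if not is_permitted(s, members)]


# Constructed inventory; WWNs, names and domain IDs are sample values.
FABRIC = [
    Switch("10:00:00:00:00:00:00:01", 1, "primaryfcs", is_fcs=True),
    Switch("10:00:00:00:00:00:00:02", 2, "edge2"),
    Switch("10:00:00:00:00:00:00:03", 3, "edge3"),
    Switch("10:00:00:00:00:00:00:04", 4, "edge4"),
]

if __name__ == "__main__":
    # Member list from the secpolicycreate example above.
    print(would_segment(FABRIC, "2;4"))
```

Running the check against the current fabric before secPolicyActivate shows which non-FCS switches are missing from the member list.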