Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

To display the active version of the FCS policy:
primaryfcs:admin> secpolicyshow "active","FCS_POLICY"
____________________________________________________
ACTIVE POLICY SET
FCS_POLICY
Pos Primary WWN DId swName
__________________________________________________
1 Yes 10:00:00:60:69:30:15:5c 1 primaryfcs
____________________________________________________
Displaying Status of Secure Mode
Use the secModeShow command to determine whether secure mode is enabled.
To determine whether secure mode is enabled:
1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.
2. Type the secModeShow command. The command displays the status of secure mode, the
version number and time stamp, and the list of switches in the FCS policy.
switch:admin> secmodeshow
Secure Mode: ENABLED.
Version Stamp: 9182, Wed Mar 13 16:37:01 2001.
POS Primary WWN DId swName.
=============================================
1 Yes 10:00:00:60:69:00:00:5a 21 switch47.
2 No 12:00:00:60:60:03:23:5b 5 switch12.
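The check above can be automated against captured session output. The following Python is an added example, not part of the Brocade guide: it parses secModeShow output and compares the secure mode status and FCS list with a recorded baseline. The function names, the baseline arguments and the embedded sample (copied from the output above) are assumptions for illustration.

```python
import re

# Constructed sample: the secModeShow output shown above, embedded so this runs offline.
SAMPLE = """\
Secure Mode: ENABLED.
Version Stamp: 9182, Wed Mar 13 16:37:01 2001.
POS Primary WWN DId swName.
=============================================
1 Yes 10:00:00:60:69:00:00:5a 21 switch47.
2 No 12:00:00:60:60:03:23:5b 5 switch12.
"""

# One FCS row: position, primary flag, WWN, domain ID, switch name (trailing dot optional).
ROW = re.compile(
    r"^(\d+)\s+(Yes|No)\s+((?:[0-9a-f]{2}:){7}[0-9a-f]{2})\s+(\S+)\s+(\S+?)\.?$", re.I)

def parse_secmodeshow(text):
    """Return secure mode status, version stamp and FCS rows from secModeShow output."""
    state = {"enabled": None, "version": None, "stamp": None, "fcs": []}
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"Secure Mode:\s*(\w+)", line, re.I):
            state["enabled"] = m.group(1).upper() == "ENABLED"
        elif m := re.match(r"Version Stamp:\s*(\d+),\s*(.+?)\.?$", line, re.I):
            state["version"], state["stamp"] = int(m.group(1)), m.group(2)
        elif m := ROW.match(line):
            pos, primary, wwn, did, name = m.groups()
            state["fcs"].append({"pos": int(pos), "primary": primary.lower() == "yes",
                                 "wwn": wwn.lower(), "did": did, "name": name})
    return state

def audit(state, expected_wwns, expected_primary):
    """Compare parsed output with a baseline (hypothetical inputs kept by the operator)."""
    findings = []
    if state["enabled"] is not True:  # also fires when the status line is missing
        findings.append("secure mode is not ENABLED")
    seen = {r["wwn"] for r in state["fcs"]}
    want = {w.lower() for w in expected_wwns}
    for wwn in sorted(seen - want):
        findings.append(f"unexpected FCS switch {wwn}")
    for wwn in sorted(want - seen):
        findings.append(f"baseline FCS switch missing {wwn}")
    primary = [r["wwn"] for r in state["fcs"] if r["primary"]]
    if primary != [expected_primary.lower()]:
        findings.append(f"primary FCS is {primary}, expected {expected_primary}")
    return findings
```

An empty list from `audit` means the captured output matches the baseline; storing `state["version"]` alongside it lets a later run show whether the version stamp has changed.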
Displaying and Resetting Secure Fabric OS Statistics
Secure Fabric OS provides several statistics regarding attempted policy violations. This includes
events such as the following:
- A DCC policy exists that defines which devices are authorized to access which switch (port)
  combinations, and a device that is not listed in the policy tries to access one of the defined
  switch (port) combinations.
- An attempt is made to log in to an account with an incorrect password.
The statistics for all DCC policies are added together.
NOTE
Rebooting the switch resets all the statistics. Secure Fabric OS statistics also can be monitored
through Fabric Watch.
Each statistic indicates the number of times the monitored event has occurred since the statistics
were last reset (secStatsReset command). For the Telnet policy, this includes all the automated
login attempts made by the sectelnet or SSH client software, in addition to the actual attempts
made by the user.
On dual-CP directors, statistics are maintained separately on each CP and are counted only on the
active CP. If a director fails over from the active to the standby CP, statistics are not replicated to the
standby CP.