Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

Ensure that all the FCS policies are an exact match; they must list the same switches, with the
switches identified in the same manner and listed in the same order.
If a fabric has become segmented with secure mode enabled but no FCS switches available,
enter the secModeEnable command and modify the FCS policy to specify FCS switches. This is
the only instance in which this command can be entered when secure mode is already
enabled.
10. Modify the SCC policy on the final primary FCS switch (the one that will succeed as the primary
FCS switch in the final merged fabric) to include all switches that are being merged.
11. Ensure that the final primary FCS switch has the desired Secure Fabric OS policy set, zoning
configuration, password information, MUA information, and SNMP community strings.
The primary FCS switch distributes this information fabric-wide.
For information about managing zoning configurations, refer to the Fabric OS Administrator’s
Guide.
12. Verify that the fabric that contains the final primary FCS switch has a nonzero version stamp by
logging into the fabric and entering the secModeShow command.
If this fabric does not show a nonzero version stamp, modify a policy and enter either the
secPolicySave or secPolicyActivate command to create a nonzero version stamp. Set the
version stamp of the other fabrics to 0 by logging in to each fabric and entering the
secVersionReset command.
13. If fabrics are to be rejoined after a segmentation, enter the switchDisable and switchEnable
commands on each switch that was segmented from the primary FCS switch. For each ISL
connected to the segmented switch, enter the portDisable and portEnable commands on both
ISL ports.
14. Physically connect the fabrics. The fabrics automatically merge and the Secure Fabric OS
configuration associated with the primary FCS switch that has the nonzero version stamp is
kept.
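
The conditions this procedure depends on (identical FCS policies in the same order, a nonzero version stamp only on the fabric that holds the final primary FCS switch, and an SCC policy on that switch listing every switch being merged) can be checked from recorded values before the fabrics are connected. The following Python sketch is an added example, not part of the Brocade guide; the Fabric record, the function name, and the WWNs are constructed for illustration, and the values are assumed to be entered by the operator from each fabric's policy listing and secModeShow output.

```python
from dataclasses import dataclass

@dataclass
class Fabric:
    name: str            # operator's label for the fabric (constructed)
    fcs_policy: list     # FCS policy entries exactly as listed, in order
    version_stamp: int   # version stamp reported by secModeShow
    switches: list       # identifier of every switch in this fabric

def premerge_problems(fabrics, final_primary, scc_members):
    """Return findings that should be resolved before connecting the fabrics."""
    problems = []
    ref = fabrics[0]
    # FCS policies must match exactly: same entries, written the same way,
    # in the same order. A plain list comparison enforces all three.
    for fab in fabrics[1:]:
        if fab.fcs_policy == ref.fcs_policy:
            continue
        if sorted(fab.fcs_policy) == sorted(ref.fcs_policy):
            why = "same entries, different order"
        else:
            why = "different switches or different identifiers"
        problems.append(f"FCS policy of {fab.name} differs from {ref.name}: {why}")
    # Only the fabric holding the final primary FCS switch keeps a nonzero stamp.
    for fab in fabrics:
        keeps_config = final_primary in fab.switches
        if keeps_config and fab.version_stamp == 0:
            problems.append(f"{fab.name} holds the final primary but has stamp 0")
        if not keeps_config and fab.version_stamp != 0:
            problems.append(f"{fab.name} needs secVersionReset "
                            f"(stamp is {fab.version_stamp})")
    # The SCC policy on the final primary must list every switch being merged.
    missing = [s for f in fabrics for s in f.switches if s not in scc_members]
    if missing:
        problems.append("SCC policy is missing: " + ", ".join(missing))
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from any real fabric.
    a1, a2, b1 = ("10:00:00:00:00:00:00:a1", "10:00:00:00:00:00:00:a2",
                  "10:00:00:00:00:00:00:b1")
    fab_a = Fabric("fabric-A", [a1, b1], 7, [a1, a2])
    fab_b = Fabric("fabric-B", [b1, a1], 3, [b1])
    for finding in premerge_problems([fab_a, fab_b], a1, [a1, a2]):
        print(finding)
```
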
Preventing a LUN Connection
It might be necessary to prevent someone from connecting a host and mounting a logical unit
number (LUN) connection to your secure fabric. Besides hardware-enforced zoning, you need to
create options and DCC policies on each switch in the secure fabric after configuring it in all your
hosts and storage. This locks down anything that is connected to the secure fabric. If someone
subsequently plugs in a rogue host, that port becomes disabled. Alternatively, if your primary FCS
switch is running Fabric OS v3.2.0, v4.4.0, or v5.x, you can use secModeEnable --quickmode,
--lockdown, or --lockdown=dcc to enable secure mode; each of these options creates DCC policies
for each port in the fabric.
NOTE
If you change the PID format used on the fabric (for example, from native mode to core PID mode),
you need to create new DCC policies on each switch.
If an edge fabric is connected to a Fibre Channel router, secModeEnable --quickmode is not
supported.