Manualshelf

HP StorageWorks Secure Fabric OS 5.0.0 User Guide (AA-RW1UA-TE, May 2005)

ManualsBrandsHP ManualsStorageBrocade BladeSystem 4/24 SAN Switch
71727374757677787980
79Secure Fabric OS 5.0.0 user guide
4. To apply the change to current transactions, disable the switch then re-enable it by
entering the switchDisable and switchEnable commands. This stops any current
traffic between devices that are zoned using node names.
Creating a DCC policy
Multiple DCC policies can be used to restrict which device ports can connect to which switch
ports. The devices can be initiators, targets, or intermediate devices such as SCSI routers and
loop hubs. By default, all device ports are allowed to connect to all switch ports; no DCC
policies exist until they are created by the administrator.
Each device port can be bound to one or more switch ports; the same device ports and switch
ports might be listed in multiple DCC policies. After a switch port is specified in a DCC policy,
it permits connections only from designated device ports. Device ports that are not specified in
any DCC policies are allowed to connect only to switch ports that are not specified in any
DCC policies.
NOTE: Some older private loop HBAs do not respond to port login from the switch and are
not enforced by the DCC policy. However, this does not create a security problem because
these HBAs cannot contact any device outside of their immediate loop.
DCC policies must follow the naming convention “DCC_POLICY_nnn,” where nnn represents
a unique string. To save memory and improve performance, one DCC policy per switch or
group of switches is recommended.
Device ports must be specified by port WWN. Switch ports can be identified by the switch
WWN, domain ID, or switch name followed by the port or area number. To specify an
allowed connection, enter the device port WWN, a semicolon, and the switch port
identification. Following are the possible methods of specifying an allowed connection:
deviceportWWN;switchWWN (port or area number)
deviceportWWN;domainID (port or area number)
deviceportWWN;switchname (port or area number)
primaryfcs:admin> secpolicycreate “OPTIONS_POLICY”, “NoNodeWWNZoning”
OPTIONS_POLICY has been created.