HP StorageWorks Secure Fabric OS 5.0.0 User Guide (AA-RW1UA-TE, May 2005)
Creating Secure Fabric OS policies82
Creating an SCC policy
The SCC policy is used to restrict which switches can join the fabric. Switches are checked
against the policy each time secure mode is enabled, the fabric is initialized with secure mode
enabled, or an E_Port-to-E_Port connection is made.
The policy is named SCC_POLICY, and accepts members listed as WWNs, domain IDs, or
switch names. Only one SCC policy may be created.
By default, any switch is allowed to join the fabric; the SCC policy does not exist until it is
created by the administrator.
NOTE: When an SCC policy is activated, any non-FCS switches in the fabric not included in
the policy member list, will be segmented from the fabric.
The possible SCC policy states are shown in Table 14.
To create an SCC policy:
1. Log in to the primary FCS switch as admin from a sectelnet or Secure Shell session.
2. Type secPolicyCreate "SCC_POLICY", “member;...;member”.
Member
indicates a switch that is permitted to join the fabric. Switches can be specified by
WWN, domain ID, or switch name. An asterisk (*) can be entered to indicate all the
switches in the fabric.
3. To save or activate the new policy, enter either the secPolicySave or the
secPolicyActivate command.
Table 14 SCC policy states
Policy state SCC policy enforcement
No policy
specified
All switches may join the fabric.
Policy specified,
but with no
members
The SCC policy includes all FCS switches. All non-FCS switches are
excluded.
Only FCS switches may join the fabric.
Policy specified,
with members
The SCC policy contains all FCS switches and any switches specified in
the member list. Any non-FCS switches not explicitly specified are
excluded. Only FCS switches and explicitly specified non-FCS switches
may join the fabric.