HP StorageWorks Fabric OS 6.2 administrator guide (5697-0016, May 2009)
126 Configuring advanced security features
Virtual Fabric considerations: In a Logical Fabric environment the SCC policy enforcement is not done on
the logical ISL. For a logical ISL-based switch, the SCC policy enforcement is considered as the reference
and the logical ISL is formed if the SCC enforcement passes on the extended ISL. The following functionality
changes:
• A Logical Switch supports an SCC policy. You can configure and distribute an SCC policy on a Logical
Switch.
• SCC enforcement is performed on a ISL based on the SCC policy present on the Logical Switch.
For more information on Virtual Fabrics, see Chapter 6, ”Managing virtual fabrics” on page 173.
Creating an SCC policy
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter secPolicyCreate “SCC_POLICY”, “member;...;member”.
where member indicates a switch that is permitted to join the fabric.
Specify switches by WWN, domain ID, or switch name. Enter an asterisk (*) to indicate all the switches
in the fabric.
For example, to create an SCC policy that allows switches that have domain IDs 2 and 4 to join the
fabric:
switch:admin> secpolicycreate "SCC_POLICY", "2;4"
SCC_POLICY has been created
3. Save or activate the new policy by entering either the secPolicySave or the secPolicyActivate
command.
If neither of these commands is entered, the changes are lost when the session is logged out. For more
information about these commands, see ”ACL policy modifications” on page 126.
ACL policy modifications
You can save changes to the defined ACL policy set without activating them by entering the
secPolicySave command. You can implement changes to the ACL policies using the
secPolicyActivate command. This saves the changes to the active policy set and activates all policy
changes since the last time the command was entered. You cannot activate policies on an individual basis;
all changes to the entire policy set are activated by the command. Until a secPolicySave or
secPolicyActivate command is entered, all policy changes are in volatile memory only and are lost
upon rebooting.
Saving changes without activating the policies
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the secPolicySave command.
switch:admin> secpolicysave
Activating policy changes
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the secPolicyActivate command:
switch:admin> secpolicyactivate
About to overwrite the current Active data.
ARE YOU SURE (yes, y, no, n): [no] y
Deleting an ACL policy
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter secPolicyDelete “policy_name”.
where policy_name is the name of the ACL policy.