Brocade Web Tools Administrator's Guide v6.2.0 (53-1001194-01, April 2009)
Chapter 17: Configuring Standard Security Features
In this chapter
• User-defined accounts
• Access control list policy configuration
• Authentication policy configuration
• SNMP configuration
• RADIUS service management
• Active Directory service management
• IPSec Concepts
• IPSec over FCIP
• IPSec over management ports
• Establishing authentication policies for HBAs
User-defined accounts
In addition to the default accounts—root, factory, admin, and user—Fabric OS supports up to 256
user-defined accounts in each logical switch (domain). These accounts expand your ability to track
account access and audit administrative activities.
When the Virtual Fabrics capability is enabled, each user-defined account is associated with the
following:
• Virtual Fabric ID—Specifies which Virtual Fabrics a user account is allowed to log in to.
• Home Virtual Fabric—Specifies the Virtual Fabric that the user is logged in to by default.
• Role—Determines functional access levels within the Virtual Fabric.
When the Admin Domain capability is enabled, each user-defined account is associated with the
following:
• Admin Domain list—Specifies what Admin Domains a user account is allowed to log in to.
• Home Admin Domain—Specifies the Admin Domain that the user is logged in to by default. The
home Admin Domain must be a member of the user’s Admin Domain list.
• Role—Determines functional access levels within the bounds of the user’s current Admin
Domain.
NOTE
Virtual Fabrics and Admin Domains are mutually exclusive.
Access rights for any user session are determined by the user’s role-based access rights. See
Chapter 1, “Introducing Web Tools” for additional information about Role-Based Access Control
(RBAC).