Brocade Web Tools Administrator's Guide v6.2.0 (53-1001194-01, April 2009)

Chapter 17: Configuring Standard Security Features
In this chapter
User-defined accounts
Access control list policy configuration
Authentication policy configuration
SNMP configuration
RADIUS service management
Active Directory service management
IPSec Concepts
IPSec over FCIP
IPSec over management ports
Establishing authentication policies for HBAs
User-defined accounts
In addition to the default accounts—root, factory, admin, and user—Fabric OS supports up to 256
user-defined accounts in each logical switch (domain). These accounts expand your ability to track
account access and audit administrative activities.
When the Virtual Fabrics capability is enabled, each user-defined account is associated with the
following:
Virtual Fabric ID—Specifies which Virtual Fabrics a user account is allowed to log in to.
Home Virtual Fabric—Specifies the Virtual Fabric that the user is logged in to by default.
Role—Determines functional access levels within the Virtual Fabric.
When the Admin Domain capability is enabled, each user-defined account is associated with the
following:
Admin Domain list—Specifies what Admin Domains a user account is allowed to log in to.
Home Admin Domain—Specifies the Admin Domain that the user is logged in to by default. The home Admin Domain must be a member of the user’s Admin Domain list.
Role—Determines functional access levels within the bounds of the user’s current Admin Domain.
NOTE
Virtual Fabrics and Admin Domains are mutually exclusive.
Access rights for any user session are determined both by the user’s role-based access rights. See
Chapter 1, “Introducing Web Tools” for additional information about Role-Based Access Control
(RBAC).