Brocade Fabric Manager Administrator's Guide v6.1.0 (53-10000610-02, June 2008)

Chapter 18: Secure Fabric Management
In this chapter
This chapter provides information on enabling secure mode for a fabric, adding a switch to a secure
fabric, and checking secure fabrics prior to merging them. It also includes information about using
the policy editor to configure security policies, and provides instructions on how to configure no
node WWN zoning, how to change admin security passwords (for FCS or non-FCS
switches/directors), and how to use telnet on a secure fabric. See the following topics for specific
secure fabric information:
Create a secure fabric
Security policy settings
Add a switch to a secure fabric
Secure fabric merge
Telnet on a secure fabric
Create a secure fabric
This section describes how to create a secure fabric using the Secure Fabric wizard.
NOTE
Fabric Manager does not support Security Operations for the user role SecurityAdmin.
To use the Secure Fabric wizard, your primary FCS switch must be running Fabric OS v5.0.0 or later,
Fabric OS v4.4.0 or later, or Fabric OS v3.2x or later. If your primary FCS switch is not running one of
these operating systems, you must enable or disable secure mode using the CLI. See the Secure
Fabric OS Administrator’s Guide for CLI information.
All switches in the fabric must be running Fabric OS v5.0.0 or later, Fabric OS v4.1x or later, Fabric
OS v3.1x or later, or Fabric OS v2.6.1x or later, regardless of whether you are using the CLI or the
Secure Fabric wizard.
If you enable secure mode on a fabric that contains any Fabric OS v5.2.x switches, any switch local
ACL policies (SCC, DCC, and Distributed Passwords) are discarded.
Some Secure Fabric policies do not support switches with IPv6 IP addresses. This includes Telnet,
HTTP, API, and SNMP policies.
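The prerequisites above, together with the license and certificate condition stated right after this example, can be checked against a switch inventory before secure mode is enabled. The following is an added example, not part of the original guide or of Fabric Manager: the inventory format, its field names and the function names are hypothetical, and it assumes each "vX.Yx or later" statement is a minimum for that major release line.

```python
import ipaddress
import re

# Minimum Fabric OS release per major line, as stated in this section.
# Assumption: wording such as "v3.2x or later" is a per-major-line minimum.
PRIMARY_FCS_MIN = {5: (5, 0, 0), 4: (4, 4, 0), 3: (3, 2, 0)}
ANY_SWITCH_MIN = {5: (5, 0, 0), 4: (4, 1, 0), 3: (3, 1, 0), 2: (2, 6, 1)}
REQUIRED = ("secure_fos_license", "zoning_license", "certificate")  # hypothetical keys

def parse_fos(version):
    """'v5.2.1b' -> (5, 2, 1); missing fields default to 0."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def meets(version, minimums):
    v = parse_fos(version)
    floor = minimums.get(min(v[0], 5))  # 6.x and later count as "v5.0.0 or later"
    return floor is not None and v >= floor

def preflight(switches):
    """Return (blockers, warnings) for enabling secure mode on this inventory."""
    blockers, warnings = [], []
    for sw in switches:
        name, fos = sw["name"], sw["fos"]
        if not meets(fos, ANY_SWITCH_MIN):
            blockers.append(f"{name}: Fabric OS {fos} is below the fabric minimum")
        elif sw.get("primary_fcs") and not meets(fos, PRIMARY_FCS_MIN):
            warnings.append(f"{name}: primary FCS too old for the wizard; use the CLI")
        missing = [k for k in REQUIRED if not sw.get(k)]
        if missing:
            blockers.append(f"{name}: missing {', '.join(missing)}")
        if parse_fos(fos)[:2] == (5, 2):
            warnings.append(f"{name}: local ACL policies (SCC, DCC, Distributed Passwords) will be discarded")
        if ipaddress.ip_address(sw["ip"]).version == 6:
            warnings.append(f"{name}: IPv6 address; Telnet, HTTP, API, and SNMP policies not supported")
    return blockers, warnings

# Constructed inventory for illustration (not from a real fabric).
FABRIC = [
    {"name": "core1", "fos": "v5.2.1b", "ip": "10.0.0.1", "primary_fcs": True,
     "secure_fos_license": True, "zoning_license": True, "certificate": True},
    {"name": "edge1", "fos": "v4.2.0", "ip": "2001:db8::12",
     "secure_fos_license": True, "zoning_license": True, "certificate": False},
    {"name": "edge2", "fos": "v2.6.0c", "ip": "10.0.0.3",
     "secure_fos_license": True, "zoning_license": True, "certificate": True},
]

if __name__ == "__main__":
    for kind, lines in zip(("BLOCK", "WARN"), preflight(FABRIC)):
        print("\n".join(f"{kind} {line}" for line in lines))
```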
You cannot enable secure mode under the following conditions:
You cannot enable secure mode on a fabric unless all switches in the fabric have a Secure
Fabric OS license, a zoning license, and security certificates installed. For more information
about security certificates, see the Secure Fabric OS Administrator’s Guide.