HP StorageWorks Fabric OS 6.x administrator guide (5697-7344, March 2008)
Fabric OS 6.x administrator guide 105
switch. Setting the configuration parameter to accept indicates distribution of the policy will be accepted
and distribution may be initiated using the distribute -p command. Setting the configuration
parameter to reject indicates the policy distribution is rejected and the switch may not distribute the policy.
The default value for the distribution configuration parameter is accept, which means the switch accepts
all database distributions and is able to initiate a distribute operation for all databases.
Configuring a DCC policy
Multiple DCC policies can be used to restrict which device ports can connect to which switch ports. The
devices can be initiators, targets, or intermediate devices such as SCSI routers and loop hubs. By default,
all device ports are allowed to connect to all switch ports; no DCC policies exist until they are created.
Each device port can be bound to one or more switch ports; the same device ports and switch ports may
be listed in multiple DCC policies. After a switch port is specified in a DCC policy, it permits connections
only from designated device ports. Device ports that are not specified in any DCC policies are allowed to
connect only to switch ports that are not specified in any DCC policies.
When a DCC violation occurs, the related port is automatically disabled and must be re-enabled using the
portEnable command.
The procedure used to create a DCC policy is described after Table 28, which shows the possible DCC
policy states.
DCC policy restrictions
The following restrictions apply when using DCC policies:
• Some older private-loop HBAs do not respond to port login from the switch and are not enforced by the
DCC policy. This does not create a security problem because these HBAs cannot contact any device
outside of their immediate loop.
• DCC policies cannot manage or restrict iSCSI connections, that is, an FC Initiator connection from an
iSCSI gateway.
Table 27 Distribution policy states
Fabric OS State
6.0 and 5.3.0 configured to
accept
Target switch accepts distribution and fabric state change occurs.
6.0 and 5.3.0 configured to
reject
Target switch explicitly rejects the distribution and the operation fails. The
entire transaction is aborted and no fabric state change occurs.
5.2.0 switch (not configured
as it does not support this)
Target switch receives distribution but ignores FCS policy database.
Pre-5.2.0 No distribution is initiated as pre-5.2.0 versions do not support this
operation.
Table 28 DCC policy states
Policy state Characteristics
No policy Any device can connect to any switch port in the fabric.
Policy with no entries Any device can connect to any switch port in the fabric. An empty policy is the
same as no policy.
Policy with entries If a device WWN is specified in a DCC policy, that device is only allowed
access to the switch if connected by a switch port listed in the same policy.
If a switch port is specified in a DCC policy, it only permits connections from
devices that are listed in the policy.
Devices with WWNs that are not specified in a DCC policy are allowed to
connect to the switch at any switch ports that are not specified in a DCC policy.
Switch ports and device WWNs may exist in multiple DCC policies.
Proxy devices are always granted full access and can connect to any switch port
in the fabric.