Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)
Secure Fabric OS Administrator’s Guide 3-1
Publication Number: 53-1000244-01
Chapter
3
Enabling Secure Fabric OS and Creating Policies
Secure Fabric OS policies make it possible to customize access to the fabric. The FCS policy is the only
required policy; all other policies are optional.
This chapter includes the following sections:
• “Default Fabric and Switch Accessibility,” next
• “Enabling Secure Mode” on page 3-2
• “Modifying the FCS Policy” on page 3-8
• “Creating Secure Fabric OS Policies Other Than the FCS Policy” on page 3-11
• “Managing Secure Fabric OS Policies” on page 3-25
To implement Secure Fabric OS policies:
• Determine which trusted switches to use as FCS switches to manage Secure Fabric OS.
• Enable secure mode in the fabric and specify the primary FCS switch and one or more backup FCS
switches. This automatically creates the FCS policy.
• Determine which additional Secure Fabric OS policies to implement in the fabric; then create and
activate those policies. An access policy must be created for each management channel that is used.
• Verify that the Secure Fabric OS policies are operating as intended. Testing a variety of scenarios to
verify optimal policy settings is recommended. For troubleshooting information, see
“Troubleshooting” on page 4-17.
Prerequisites to Enabling Secure Mode
For more information on any of the following items, see Fabric OS Administrator’s Guide.
Before enabling secure mode, do the following:
• Disable the FC-FC routing on all backbone fabrics.
• Set the Password policies to the default values.
• Remove user-defined Administrative Domains (AD 1-254).
• Assign users to the default Administrative Domain for their role.
• Clear Fabric-wide Consistency policies on all switches.
• Back up the switch-local SCC and DCC policies. These policies are deleted when secure mode is
enabled.