Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)

Default Fabric and Switch Accessibility
Following is the default fabric and switch access when secure mode is enabled but no additional Secure
Fabric OS policies have been created:
Switches:
- Only the primary FCS switch can be used to make Secure Fabric OS changes.
- Any SilkWorm switch can join the fabric, provided it is connected to the fabric, is a SilkWorm
2000-series switch or later, and meets the minimum Secure Fabric OS requirements (such as
Secure Fabric OS and Advanced Zoning licenses and digital certificates).
- All switches in the fabric can be accessed through a serial port.
- All switches in the fabric that have front panels (SilkWorm 2000-series switches) can be
accessed through the front panel.
Computer hosts and workstations:
- Any host can access the fabric by using SNMP.
- Any host can access any switch in the fabric by using the CLI (such as by sectelnet or SSH).
- Any host can establish an HTTP connection to any switch in the fabric.
- Any host can establish an API connection to any switch in the fabric.
Devices:
- All device ports can access SES.
- All devices can access the management server.
- Any device can connect to any Fibre Channel port in the fabric.
Zoning: node WWNs can be used for WWN-based zoning.
Enabling Secure Mode
Secure mode is enabled and disabled on a fabric-wide basis. Secure mode can be enabled and disabled
as often as desired; however, all Secure Fabric OS policies, including the FCS policy, are deleted each
time secure mode is disabled, and they must be re-created the next time it is enabled. The Secure Fabric
OS database can be backed up using the configUpload command. For more information about this
command, see the Fabric OS Command Reference.
Secure mode is enabled using the secModeEnable command. This command must be entered through a
sectelnet, SSH, or serial connection to the switch designated as the primary FCS switch. The command
fails if any switch in the fabric is not capable of enforcing Secure Fabric OS policies. If the primary FCS
switch fails to participate in the fabric, the role of the primary FCS switch moves to the next available
switch listed in the FCS policy. See the Fabric OS Command Reference for more information.
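The following is an added example, not taken from the guide or from Brocade: a pre-flight check to run against a switch inventory before entering secModeEnable, together with a model of the primary FCS failover rule described above. Assumptions: "capable of enforcing Secure Fabric OS policies" is modelled as holding the two licenses and a digital certificate that this section names; the Switch record, the function names, the intended FCS list and the sample WWNs are all constructed for illustration, and nothing here connects to a switch.

```python
from dataclasses import dataclass

# Licenses this section names as examples of the minimum requirements.
REQUIRED_LICENSES = frozenset({"Secure Fabric OS", "Advanced Zoning"})

@dataclass
class Switch:  # hypothetical inventory record
    wwn: str
    licenses: frozenset
    has_certificate: bool
    online: bool = True  # False = not currently participating in the fabric

def blockers(fabric):
    """Map each participating switch that fails the modelled requirements to its reasons."""
    out = {}
    for sw in (s for s in fabric if s.online):
        reasons = [f"missing license: {lic}" for lic in sorted(REQUIRED_LICENSES - sw.licenses)]
        if not sw.has_certificate:
            reasons.append("no digital certificate")
        if reasons:
            out[sw.wwn] = reasons
    return out

def primary_fcs(fcs_policy, fabric):
    """First switch in the ordered FCS list that is participating, else None."""
    online = {sw.wwn for sw in fabric if sw.online}
    return next((wwn for wwn in fcs_policy if wwn in online), None)

def preflight(fcs_policy, fabric, session_on):
    """Problems to resolve before entering secModeEnable from switch `session_on`."""
    problems = [f"{wwn}: {r}" for wwn, rs in blockers(fabric).items() for r in rs]
    primary = primary_fcs(fcs_policy, fabric)
    if primary is None:
        problems.append("no switch in the FCS list is participating in the fabric")
    elif primary != session_on:
        problems.append(f"session is on {session_on}, but primary FCS is {primary}")
    return problems

# Constructed sample inventory; the WWNs are made up.
A, B, C = "10:00:00:00:00:00:00:0a", "10:00:00:00:00:00:00:0b", "10:00:00:00:00:00:00:0c"
SAMPLE = [
    Switch(A, REQUIRED_LICENSES, True),
    Switch(B, REQUIRED_LICENSES, True),
    Switch(C, frozenset({"Advanced Zoning"}), False),  # would make secModeEnable fail
]
FCS_POLICY = [A, B]  # intended FCS switches, in order

if __name__ == "__main__":
    for problem in preflight(FCS_POLICY, SAMPLE, A):
        print(problem)
```
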
Note
Proxy device access cannot be managed using a DCC policy in a secure fabric. Proxy devices are always
granted full access, even if the DCC policy has an entry that restricts the proxy device’s access.