Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)

The following restrictions apply when secure mode is enabled:
- Standard telnet cannot be used after secure mode is enabled; however, sectelnet can be used as soon as a digital certificate is installed on the switch. SSH can be used at any time; however, telnet sessions opened prior to issuing secModeEnable remain open if secure mode is enabled using the option to preserve passwords. If telnet use is completely prohibited, the telnet protocol should be disabled on each switch, using the configure command, prior to enabling secure mode.
- Several commands can be entered only from the FCS switches. See “Command Restrictions in Secure Mode” on page B-6 for a list of these commands.
- If downloading a configuration to the switch:
  - Download the configuration to the primary FCS switch. A configuration downloaded to a backup FCS switch or non-FCS switch is overwritten by the next fabric-wide update from the primary FCS switch.
  - If the configdownload file contains an RSNMP policy, it must also contain a WSNMP policy.
  - The defined policy set in the configdownload file must have the following characteristics:
    - The defined policy set must exist.
    - The FCS policy must be the first policy.
    - The FCS policy must have at least one switch in common with the current defined FCS policy in the fabric.
  - The active policy set in the configdownload file must have the following characteristics:
    - The active policy set must exist.
    - The FCS policy must be the first policy.
    - The FCS policy must be identical to the active FCS policy in the fabric.
For information about displaying the existing Secure Fabric OS policies, see “Displaying Individual
Secure Fabric OS Policies” on page 4-3.
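The configdownload policy rules listed above can be checked before the file is sent to the primary FCS switch. The following Python sketch is an added example, not Brocade code: the in-memory model (each policy set as an ordered list of name and member-list pairs), the function names, and the sample WWNs and addresses are all assumptions constructed for illustration, and "identical" is taken to mean the same members in the same order.

```python
"""Pre-flight check of the policy sets in a file intended for configDownload.

Added example with a hypothetical data model: a policy set is an ordered list
of (policy_name, [members]) pairs. This is not the real file syntax.
"""

def _fcs_first(label, policy_set):
    """Return (errors, fcs_members); members is None if the check failed."""
    if not policy_set:
        return [f"{label} policy set must exist"], None
    name, members = policy_set[0]
    if name != "FCS":
        return [f"{label}: FCS policy must be the first policy"], None
    return [], members

def check_download(file_defined, file_active, fabric_defined_fcs, fabric_active_fcs):
    """Return a list of rule violations; an empty list means the file passes."""
    errors = []
    # Assumption: the RSNMP/WSNMP pairing rule is evaluated file-wide.
    names = {n for s in (file_defined or [], file_active or []) for n, _ in s}
    if "RSNMP" in names and "WSNMP" not in names:
        errors.append("RSNMP policy present without a WSNMP policy")

    errs, d_fcs = _fcs_first("defined", file_defined)
    errors += errs
    if d_fcs is not None and not set(d_fcs) & set(fabric_defined_fcs):
        errors.append("defined: FCS policy shares no switch with the fabric's defined FCS policy")

    errs, a_fcs = _fcs_first("active", file_active)
    errors += errs
    # Assumption: "identical" means same members in the same order.
    if a_fcs is not None and list(a_fcs) != list(fabric_active_fcs):
        errors.append("active: FCS policy differs from the fabric's active FCS policy")
    return errors

# Constructed sample data (not from a real fabric).
FABRIC_FCS = ["10:00:00:00:00:00:00:01", "10:00:00:00:00:00:00:02"]
GOOD_SET = [("FCS", FABRIC_FCS), ("RSNMP", ["192.0.2.10"]), ("WSNMP", ["192.0.2.11"])]
BAD_DEFINED = [("RSNMP", ["192.0.2.10"]), ("FCS", ["10:00:00:00:00:00:00:09"])]
BAD_ACTIVE = [("FCS", list(reversed(FABRIC_FCS)))]

if __name__ == "__main__":
    for problem in check_download(BAD_DEFINED, BAD_ACTIVE, FABRIC_FCS, FABRIC_FCS):
        print("REJECT:", problem)
```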
To enable secure mode in the fabric
1. Ensure that all switches in the fabric have the following:
   - Fabric OS v2.6.2, v3.2.x, v4.4.x, v5.0.1, v5.1.0, or v5.2.0
   - An activated Secure Fabric OS license
   - An activated Advanced Zoning license
   - Digital certificate
Note
If any part of the configuration download process fails, resolve the source of the problem
and repeat the configDownload command. For information about troubleshooting the
configuration download process, see the Fabric OS Administrator’s Guide.
After configDownload, the policy database might require up to 8 minutes to download.
Note
Enabling secure mode fastboots all Fabric OS v2.6.x switches in the fabric.