Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)

To create an SNMP policy
1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.
2. Type secPolicyCreate "WSNMP_POLICY", "member;...;member".
member is one or more IP addresses in dot-decimal notation. Entering "0" in an octet indicates
that any number can be matched in that octet.
For example, to create a WSNMP and an RSNMP policy to allow only IP addresses that match
192.168.5.0 read and write access to the fabric:

    primaryfcs:admin> secpolicycreate "WSNMP_POLICY", "192.168.5.0"
    WSNMP_POLICY has been created.
    primaryfcs:admin> secpolicycreate "RSNMP_POLICY", "192.168.5.0"
    RSNMP_POLICY has been created.

3. To save or activate the new policy, enter either the secPolicySave or the secPolicyActivate
command.
If neither of these commands is entered, the changes are lost when the session is logged out. For
more information about these commands, see “Saving Changes to Secure Fabric OS Policies” on
page 3-26 and “Activating Changes to Secure Fabric OS Policies” on page 3-27.

Telnet Policy
The Telnet policy can be used to specify which workstations can use sectelnet or SSH to connect to the
fabric. The policy is named TELNET_POLICY and contains a list of the IP addresses for the trusted
workstations (workstations that are in a physically secure area).
When a SilkWorm 24000 or 48000 director is in secure mode, sectelnet or SSH sessions cannot be
opened to the active CP. This prevents potential violation of the Telnet policy, since the active CP can be
used to access either of the logical switches on a two-domain SilkWorm 24000. However, sectelnet or
SSH sessions can be established to the IP addresses of the logical switches and to the standby CP, if
allowed by the Telnet policy. If the active CP fails over, any sectelnet or SSH sessions to the standby CP
are automatically terminated when the standby CP becomes the active CP.

Table 3-3 Read and Write Behaviors of SNMP Policies (Continued)

RSNMP Policy     | WSNMP Policy     | Read Result      | Write Result
Empty            | Host B in policy | Only B can read  | Only B can write
Host A in policy | Nonexistent      | This combination is not supported. If the WSNMP policy is not defined, the RSNMP policy cannot be created.
Host A in policy | Empty            | Only A can read  | No host can write
Host A in policy | Host B in policy | A and B can read | Only B can write