Manualshelf

Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)

ManualsBrandsHP ManualsStorageHP StorageWorks 4/32B Full SAN Switch
71727374757677787980
3-22 Secure Fabric OS Administrator’s Guide
Publication Number: 53-1000244-01
3
DCC policies must follow the naming convention “DCC_POLICY_nnn,” where nnn represents a
unique string. To save memory and improve performance, one DCC policy per switch or group of
switches is recommended.
Device ports must be specified by port WWN. Switch ports can be identified by the switch WWN,
domain ID, or switch name followed by the port or area number. To specify an allowed connection,
enter the device port WWN, a semicolon, and the switch port identification. Following are the possible
methods of specifying an allowed connection:
deviceportWWN;switchWWN (port or area number)
deviceportWWN;domainID (port or area number)
deviceportWWN;switchname (port or area number)
How to create a DCC policy is described after Table 3-12, which shows the possible DCC policy states.
Table 3-12 DCC Policy States
Policy State Characteristics
No policy Any device can connect to any switch port in the fabric.
Policy with no entries Any device can connect to any switch port in the fabric. An empty
policy is the same as no policy.
Policy with entries If a device WWN is specified in a DCC policy, that device is only
allowed access to the fabric if connected to a switch port listed in the
same policy.
If a switch port is specified in a DCC policy, it only permits connections
from devices that are listed in the policy.
Devices with WWNs that are not specified in a DCC policy are allowed
to connect to the fabric at any switch ports that are not specified in a
DCC policy.
Switch ports and device WWNs may exist in multiple DCC policies.
Proxy devices are always granted full access and can connect to any
switch port in the fabric.
N
ote
When a DCC violation occurs, the related port is automatically disabled and must be re-enabled using
the portEnable command.
Proxy device access cannot be managed using a DCC policy in a secure fabric. Proxy devices are always
granted full access, even if the DCC policy has an entry that restricts or limits access of a proxy device.