Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)

To create an SCC policy

1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.
2. Type secPolicyCreate "SCC_POLICY", "member;...;member".
   member indicates a switch that is permitted to join the fabric. Specify switches by WWN, domain ID, or switch name. Enter an asterisk (*) to indicate all the switches in the fabric.
   For example, to create an SCC policy that allows switches that have domain IDs 2 and 4 to join the fabric:

       primaryfcs:admin> secpolicycreate "SCC_POLICY", "2;4"
       SCC_POLICY has been created

3. To save or activate the new policy, enter either the secPolicySave or the secPolicyActivate command.
   If neither of these commands is entered, the changes are lost when the session is logged out. For more information about these commands, see “Saving Changes to Secure Fabric OS Policies” on page 3-26 and “Activating Changes to Secure Fabric OS Policies” on page 3-27.

Managing Secure Fabric OS Policies

All Secure Fabric OS transactions must be performed through the primary FCS switch only, except for the secTransAbort, secFCSFailover, secStatsReset, and secStatsShow commands.

You can create multiple sessions to the primary FCS switch from one or more hosts. However, the software allows only one Secure Fabric OS transaction at a time. If a second Secure Fabric OS transaction is started, it fails. The only secondary transaction that can succeed is the secTransAbort command.

All policy modifications are saved in volatile memory only until the changes are saved or activated.

The following functions can be performed on existing Secure Fabric OS policies:

- “Saving Changes to Secure Fabric OS Policies” on page 3-26
  Save changes to flash memory without actually implementing the changes within the fabric. This saved but inactive information is known as the defined policy set.

Table 3-13 SCC Policy States

| Policy State | SCC Policy Enforcement |
|---|---|
| No policy specified | All switches may join the fabric. |
| Policy specified, but with no members | The SCC policy includes all FCS switches. All non-FCS switches are excluded. Only FCS switches may join the fabric. |
| Policy specified, with members | The SCC policy contains all FCS switches and any switches specified in the member list. Any non-FCS switches not explicitly specified are excluded. Only FCS switches and explicitly specified non-FCS switches may join the fabric. |
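
The member syntax from step 2 and the enforcement rules in Table 3-13, modeled as an added example (not Brocade code and not part of the original guide) for checking which switches a draft SCC policy would exclude before it is saved or activated. The Switch class, the sample fabric, the function names, and the handling of * as "every switch in the fabric list passed in" are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Switch:
    wwn: str
    domain_id: int
    name: str
    is_fcs: bool = False

# Constructed sample fabric (WWNs and names are made up for this example).
FABRIC = [
    Switch("10:00:00:00:00:00:00:01", 1, "primaryfcs", is_fcs=True),
    Switch("10:00:00:00:00:00:00:02", 2, "edge2"),
    Switch("10:00:00:00:00:00:00:03", 3, "edge3"),
    Switch("10:00:00:00:00:00:00:04", 4, "edge4"),
]

def matches(member: str, sw: Switch) -> bool:
    """A member identifies a switch by WWN, domain ID, or switch name."""
    m = member.strip()
    if m.isdigit():                      # all digits: treated as a domain ID
        return int(m) == sw.domain_id
    return m.lower() == sw.wwn.lower() or m == sw.name

def may_join(sw: Switch, members: Optional[List[str]], fabric: List[Switch]) -> bool:
    """Apply Table 3-13. members=None means no SCC policy is specified."""
    if members is None:                  # no policy: all switches may join
        return True
    if sw.is_fcs:                        # any specified policy includes FCS switches
        return True
    if "*" in members and sw in fabric:  # assumption: * covers the fabric passed in
        return True
    return any(matches(m, sw) for m in members if m != "*")

def excluded(fabric: List[Switch], members: Optional[List[str]]) -> List[str]:
    """Names of current fabric switches the policy would exclude."""
    return [sw.name for sw in fabric if not may_join(sw, members, fabric)]

def create_command(members: List[str]) -> str:
    """Build the secPolicyCreate line in the syntax shown in step 2."""
    return 'secPolicyCreate "SCC_POLICY", "%s"' % ";".join(members)

if __name__ == "__main__":
    for label, members in [("none", None), ("empty", []), ("2;4", ["2", "4"])]:
        print(label, "-> excluded:", excluded(FABRIC, members))
    print(create_command(["2", "4"]))
```

With the guide's own "2;4" member list, the sample switch at domain ID 3 is reported as excluded, which is the kind of result to review before running secPolicyActivate.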