Manualshelf

Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)

ManualsBrandsHP ManualsStorageHP StorageWorks 4/32B Full SAN Switch
919293949596979899100
Secure Fabric OS Administrator’s Guide 4-17
Publication Number: 53-1000244-01
4
Preventing a LUN Connection
It might be necessary to prevent someone from connecting a host and mounting a logical unit number
(LUN) connection to your secure fabric. Besides hardware-enforced zoning, you need to create options
and DCC policies on each switch in the secure fabric after configuring it in all your hosts and storage.
This locks down anything that is connected to the secure fabric. If someone subsequently plugs in a
rogue host, that port becomes disabled. Alternatively, if your primary FCS switch is running Fabric OS
v3.2.0, v4.4.0, or v5.x you can use secModeEnable --quickmode, --lockdown, or
--lockdown=dcc to enable secure mode; either option creates DCC policies for each port in the fabric.
Troubleshooting
Some of the most likely issues with Secure Fabric OS management and the recommended actions are
described in Table 4-5. The information in the table is based on the assumption that the fabric was
originally fully functional and secure mode was enabled.
N
ote
If you change the PID format used on the fabric (for example, from native mode to core PID mode), you
need to create new DCC policies on each switch.
If an edge fabric is connected to a fibre channel router, secModeEnable --quickmode is not supported.
N
ote
Some of the recommended actions might interrupt data traffic.
Table 4-5 Recovery Processes
Symptom Possible Causes Recommended Actions
Secure Fabric OS
policies do not appear to
be in effect.
Secure mode is not enabled. Type the secModeShow command. If secure mode is disabled,
enter the secModeEnable command on the switch that you want to
become the primary FCS switch and specify the FCS switches at
the prompts.
Policy changes have not
been applied.
Type the secPolicyShow command and review the differences
between the active and defined policy sets. If desired, enter the
secPolicyActivate command to activate all recent policy changes.
Fabric has segmented. See possible causes and actions for “One or more switches has
segmented from the fabric,” later in this table.