Brocade Fabric OS Command Reference Manual - Supporting Fabric OS v5.3.0 (53-1000436-01, June 2007)
576 Fabric OS Command Reference Manual
53-1000436-01
secPolicyAdd
2
secPolicyAdd
Adds members to an existing security policy.
Synopsis secpolicyadd "name"[, "member [;member...]"]
Description Use this command to add member to an existing access policy. The new members must not already
be members within the policy or the command fails.
Each policy corresponds to a management method. The list of members of a policy acts as an
access control list for that management method. When security is first enabled using the
secModeEnable command, only the FCS_POLICY exists. Before a policy is created, there is no
enforcement for that management method; all access is granted. After a policy has been created
and a member has been added to the policy, that policy becomes closed to all access except from
included members. If all members are then deleted from the policy, all access is denied for that
management access method (the DCC_POLICY is an exception).
When secure mode is enabled or FCS Policy is enabled in non-secure mode, this command can be
issued only from the Primary FCS switch. The secpolicyadd command can be issued on all switches
for SCC and DCC policies as long as fabric-wide consistency policy is not set for the particular
policy.
Do not add the WWNs of front or translate (xlate) domains to the FCS policy if the secure edge
fabric is connected to an FC Router.
Operands This command has the following operands:
"name" Specify the name of an existing policy to which you want to add members
.
Valid values for this operand are:
• DCC_POLICY_nnn
• TELNET_POLICY
• HTTP_POLICY
• API_POLICY
• RSNMP_POLICY
• WSNMP_POLICY
• SES_POLICY
• MS_POLICY
• SERIAL_POLICY
• FRONTPANEL_POLICY
• SCC_POLICY
• OPTIONS_POLICY
• AUTH_POLICY
• IPF_POLICY
• FCS_POLICY
The specified policy name must be capitalized.