Brocade Access Gateway Admin Guide v6.1.0 (53-1000605-02, June 2008)

FIGURE 1 Access Gateway and fabric switch comparison
The following points summarize the differences between a Fabric OS switch in Native mode and a
Fabric OS switch in AG mode:
• The Fabric OS switch in Native mode is a part of the fabric; it requires two to four times as
  many physical ports, consumes fabric resources, and can connect to a Fabric OS fabric only.
• AG is outside the fabric; it reduces the number of switches in the fabric and the number of
  required physical ports. You can connect AG to either a Fabric OS, M-EOS, or Cisco-based
  fabric.
Fabric OS features in Access Gateway mode
When a switch is behaving as an Access Gateway, RBAC features in Fabric OS are available, but
Admin Domains, Advanced Performance Monitoring, direct connection to SAN target devices,
Fibre Channel Arbitrated Loop support, Fabric Manager, FICON, IP over FC, ISL trunking,
extended fabrics, management platform services, name services (SNS), port mirroring, SMI-S, and
zoning are not available. For more information on AG supported features, see “Access Gateway
trunking considerations” on page 23. You must have the role of securityadmin, admin, or user to
configure AG.
All security enforcement is done in the Enterprise fabric using the Advanced Device Security policy
(ADS), which secures virtual connections in the case where the physical connection to the SAN is
lost. When you enable the ADS policy, by default, every port is configured to allow all devices to log
in or be a part of the Access List. The Allow List restricts the number of devices that can log in to a
specified F_Port. Because all WWNs are a part of the Access List, you can identify which devices
are allowed to log in on a per F_Port basis by specifying the device’s port WWN (PWWN). Using the
ag --adsset command, you can set the “Allow List” to All Access or No Access.
For example, the Allow List can include the N_Port WWN and the PWWNs of all the HBAs connected
to the F_Ports that are mapped to an N_Port, which is connected to a switch in AG mode. If there is an
ADS policy violation, the AG connection is disabled and all of the N_Ports to which the F_Ports are
connected are also disabled. For information on how to specify which devices to include or exclude
at login, see “Setting which devices can log in if ADS policy is enabled” on page 9 or “Setting which
devices cannot log in if ADS policy is enabled” on page 10.
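
The per-F_Port Allow List described above can be audited offline. The following is an added example, not code from the guide or from Fabric OS: it assumes "*" denotes All Access and an empty string denotes No Access, and the function names, policy table, and WWNs are constructed for illustration. It reports F_Ports still left at the default All Access setting and the logins that a configured Allow List would reject.

```python
import re

# Assumed notation for this example only: "*" = All Access, "" = No Access,
# anything else is a semicolon-separated list of port WWNs (PWWNs).
ALL_ACCESS = "*"
_WWN_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){7}$")

def normalize_wwn(wwn):
    """Lower-case a WWN and insist on eight colon-separated hex bytes."""
    w = wwn.strip().lower()
    if not _WWN_RE.match(w):
        raise ValueError(f"malformed WWN: {wwn!r}")
    return w

def parse_allow_list(spec):
    """Return ALL_ACCESS, or a frozenset of PWWNs (empty set = No Access)."""
    spec = spec.strip()
    if spec == ALL_ACCESS:
        return ALL_ACCESS
    return frozenset(normalize_wwn(w) for w in spec.split(";") if w.strip())

def audit(policy, logins):
    """policy: {f_port: spec}; logins: [(f_port, pwwn)].
    Returns (ports left at All Access, logins the Allow List would reject)."""
    parsed = {port: parse_allow_list(spec) for port, spec in policy.items()}
    open_ports = sorted(p for p, allow in parsed.items() if allow == ALL_ACCESS)
    rejected = []
    for port, pwwn in logins:
        pwwn = normalize_wwn(pwwn)
        # A port with no entry keeps the default, which allows every device.
        allow = parsed.get(port, ALL_ACCESS)
        if allow != ALL_ACCESS and pwwn not in allow:
            rejected.append((port, pwwn))
    return open_ports, rejected

# Constructed sample data (not from the guide).
POLICY = {3: "20:03:08:00:88:35:A0:12;21:00:00:e0:8b:88:01:8b",
          9: "*", 11: ""}
LOGINS = [
    (3, "21:00:00:E0:8B:88:01:8B"),   # listed; differs only in letter case
    (3, "10:00:00:00:c9:aa:bb:cc"),   # not on the Allow List of F_Port 3
    (9, "10:00:00:00:c9:aa:bb:cc"),   # F_Port 9 is All Access
    (11, "10:00:00:00:c9:aa:bb:cc"),  # F_Port 11 is No Access
]

if __name__ == "__main__":
    print(audit(POLICY, LOGINS))
```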