Brocade Access Gateway Admin Guide v6.1.0 (53-1000605-02, June 2008)

Access Gateway trunking considerations
Trunk group creation
Setting up F_Port trunking
Assigning a Trunk Area
Enabling Access Gateway trunking
Enabling the DCC policy on trunk
Disabling F_Port trunking
F_Port Trunking monitoring
Access Gateway policies
The Brocade policy-based approach lets you restrict or filter traffic on standard Fabric OS switches and
switches in Access Gateway mode. You can enable the following policies on a switch in Access
Gateway mode:
Advance Device Security policy (ADS)
Automatic Port Configuration policy (APC)
Port Grouping policy (PG)
Showing current policies
You can run the following command to see which policies are enabled or disabled on a switch.
1. Connect to the switch and log in as admin.
2. Enter the ag --policyshow command.
switch:admin> ag --policyshow
Policy_Description          Policy_Name   State
--------------------------------------------------
Port Grouping               pg            Enabled
Auto Port Configuration     auto          Disabled
Advanced Device Security    ads           Enabled
Advance Device Security policy
The Advance Device Security (ADS) policy is supported on AG F_Ports. Fabric OS v6.1.0 extends the
DCC policy to switches in AG mode to provide an additional level of security, applying it to both
the physical F_Ports and the NPIV logins on F_Ports. As more physical servers become virtual,
virtual servers can become vulnerable, and security becomes an integral part of server IO
virtualization. The ADS policy restricts fabric connectivity to the set of devices that you specify
and allow to log in to the fabric through a switch in AG mode. By default, the ADS policy is not
enabled. After you set a switch in AG mode, you can enable the ADS policy, and then specify which
devices to allow at login on a per F_Port basis. Security enforcement can also be done in the
enterprise fabric; the DCC policy in the enterprise fabric takes precedence over the ADS policy.
When you enable the ADS policy, it applies to all the ports on the switch. By default, all devices
have access to the fabric on all ports.
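
Because the ADS policy is not enabled by default, a configuration audit can parse captured ag --policyshow output and flag a switch where a required policy is off. The following is an added example, not part of the Brocade guide: the function names, the sample text and the choice of "ads" as the required policy are assumptions.

```python
import re

# Constructed sample: the `ag --policyshow` output shown in this guide,
# saved as text (for example from a logged admin session).
SAMPLE = """\
switch:admin> ag --policyshow
Policy_Description          Policy_Name   State
--------------------------------------------------
Port Grouping               pg            Enabled
Auto Port Configuration     auto          Disabled
Advanced Device Security    ads           Enabled
"""

# A data row ends with "<policy_name> <Enabled|Disabled>"; the description
# before it may contain spaces, so it is matched lazily.
ROW = re.compile(
    r"^(?P<desc>\S.*?)\s+(?P<name>\S+)\s+(?P<state>Enabled|Disabled)\s*$"
)


def parse_policyshow(text):
    """Return {policy_name: True if Enabled} from captured output."""
    policies = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the prompt, header and separator lines do not match
            policies[m.group("name").lower()] = m.group("state") == "Enabled"
    return policies


def audit(text, required=("ads",)):
    """List findings for required policies that are disabled or missing.

    `required` is a site baseline (an assumption of this example).
    """
    policies = parse_policyshow(text)
    findings = []
    for name in required:
        if name not in policies:
            findings.append(f"{name}: not reported in output")
        elif not policies[name]:
            findings.append(f"{name}: Disabled")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE) or "all required policies enabled")
```

A policy that is missing from the output is reported separately from one that is disabled, so truncated or unparsed captures are not mistaken for a compliant switch.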