Brocade Access Gateway Administrator's Guide Supporting Fabric OS v7.0.0 (53-1002156-01, April 2011)

WWN Based Load Balancing wwnloadbalance Disabled
Access Gateway policy enforcement matrix
Table 6 shows which combinations of policies can co-exist with each other.
Advanced Device Security policy
Advanced Device Security (ADS) is a security policy that restricts access to the fabric at the AG level
to a set of authorized devices. Unauthorized access is rejected and the system logs a RASLOG
message. You can configure the list of allowed devices for each F_Port by specifying their Port
WWN (PWWN). The ADS policy secures virtual and physical connections to the SAN.
How the ADS policy works
When you enable the ADS policy, it applies to all F_Ports on the AG-enabled module. By default, all
devices have access to the fabric on all ports. You can restrict fabric connectivity to a particular
set of devices: AG maintains a per-port allow list of the devices whose PWWNs you define as
permitted to log in through an F_Port. You can view the devices with active connections to an
F_Port using the ag --show command.
NOTE
The ag --show command displays only the Core AGs, such as the AGs that are directly connected to
the fabric. The agshow --name command displays the F_Ports of both the Core and Edge AGs.
Alternatively, the security policy can be established in the Enterprise fabric using the Device
Connection Control (DCC) policy. For information on configuring the DCC policy, see “Enabling the
DCC policy on a trunk” on page 55. The DCC policy in the Enterprise fabric takes precedence over
the ADS policy. It is generally recommended to implement the security policy in the AG module
rather than in the main fabric, especially if the Failover and Failback policies are enabled.
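The per-port allow-list behavior described above, modeled as an added Python example (not Brocade code or Fabric OS output): it dry-runs a proposed ADS allow list against the PWWNs currently logged in and reports which logins would be rejected. The port numbers, PWWNs and function names are constructed for illustration, and the model assumes that a port with no configured list keeps the default of allowing all devices.

```python
import re

# Constructed sample data, not real device output: PWWNs logged in per F_Port.
LOGINS = {
    1: ["10:00:00:05:1e:00:00:01", "10:00:00:05:1E:00:00:02"],
    2: ["10:00:00:05:1e:00:00:03"],
    3: ["10:00:00:05:1e:00:00:04"],
}
# Proposed allow lists (constructed). Port 3 has no entry, so under this
# model's assumption it keeps the default: all devices allowed.
ALLOW = {
    1: ["10:00:00:05:1e:00:00:01"],
    2: ["10:00:00:05:1E:00:00:03"],
}

WWN_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){7}")


def normalize_pwwn(text):
    """Return the lower-case colon-separated form, or raise ValueError.

    A mistyped allow-list entry would silently lock a device out, so
    malformed values are rejected instead of being compared as strings.
    """
    wwn = text.strip().lower()
    if not WWN_RE.fullmatch(wwn):
        raise ValueError(f"not a valid 8-byte WWN: {text!r}")
    return wwn


def ads_allows(port, pwwn, allow):
    """Decide whether a login on an F_Port passes the per-port allow list."""
    if port not in allow:
        return True  # no list configured for this port: default access
    permitted = {normalize_pwwn(w) for w in allow[port]}
    return normalize_pwwn(pwwn) in permitted


def dry_run(logins, allow):
    """List the (port, pwwn) logins the proposed allow lists would reject."""
    rejected = []
    for port in sorted(logins):
        for pwwn in logins[port]:
            if not ads_allows(port, pwwn, allow):
                rejected.append((port, normalize_pwwn(pwwn)))
    return rejected


if __name__ == "__main__":
    for port, pwwn in dry_run(LOGINS, ALLOW):
        print(f"F_Port {port}: {pwwn} would be rejected")
```

Running the comparison before restricting a port shows which active devices are missing from the proposed list, so a rejection is a deliberate choice and not a typing error.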
TABLE 6 Policy enforcement matrix

| Policies | Auto Port Configuration | Port Grouping | N_Port Trunking | Advanced Device Security |
|---|---|---|---|---|
| Auto Port Configuration | N/A | Cannot co-exist | Can co-exist | Can co-exist |
| N_Port Grouping | Mutually exclusive | N/A | Can co-exist | Can co-exist |
| N_Port Trunking | Can co-exist | Can co-exist | N/A | Can co-exist |
| Advanced Device Security [1] | Can co-exist | Can co-exist | Can co-exist | N/A |
| Device Load Balancing [2] | Cannot co-exist | Can co-exist | Can co-exist | Can co-exist |

1. The ADS policy is not supported when using device mapping.
2. Device Load Balancing and Automatic Login Balancing cannot be enabled for the same port group.