Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

Chapter 3: Enabling Secure Fabric OS and Creating Policies
Secure Fabric OS policies make it possible to customize access to the fabric. The FCS policy is the
only required policy; all other policies are optional.
In this chapter:
- Default Fabric and Switch Accessibility
- Enabling Secure Mode
- Modifying the FCS Policy
- Creating Secure Fabric OS Policies Other Than the FCS Policy
- Managing Secure Fabric OS Policies
To implement Secure Fabric OS policies:
1. Determine which trusted switches to use as FCS switches to manage Secure Fabric OS.
2. Enable secure mode in the fabric and specify the primary FCS switch and one or more backup FCS switches. This automatically creates the FCS policy.
3. Determine which additional Secure Fabric OS policies to implement in the fabric; then create and activate those policies. An access policy must be created for each management channel that is used.
4. Verify that the Secure Fabric OS policies are operating as intended. Testing a variety of scenarios to verify optimal policy settings is recommended. For troubleshooting information, see “Troubleshooting” on page 74.
Prerequisites to Enabling Secure Mode
For more information on any of the following items, see the Fabric OS Administrator’s Guide.
Before enabling secure mode, do the following:
- Disable the FC-FC routing on all backbone fabrics.
- Set the Password policies to the default values.
- Remove user-defined Administrative Domains (AD 1-254).
- Assign users to the default Administrative Domain for their role.
- Clear Fabric-wide Consistency policies on all switches.
- Back up the switch-local SCC and DCC policies. These policies are deleted when secure mode is enabled.