Manualshelf

Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

ManualsBrandsHP ManualsStorageHP StorageWorks 4/8 Base SAN Switch
61626364656667686970
52 Secure Fabric OS Administrator’s Guide
53-1000244-02
3
DCC policies must follow the naming convention “DCC_POLICY_nnn,” where nnn represents a
unique string. To save memory and improve performance, one DCC policy per switch or group of
switches is recommended.
Device ports must be specified by port WWN. Switch ports can be identified by the switch WWN,
domain ID, or switch name followed by the port or area number. To specify an allowed connection,
enter the device port WWN, a semicolon, and the switch port identification. Following are the
possible methods of specifying an allowed connection:
deviceportWWN;switchWWN (port or area number)
deviceportWWN;domainID (port or area number)
deviceportWWN;switchname (port or area number)
How to create a DCC policy is described after Table 13, which shows the possible DCC policy states.
CAUTION
When a DCC violation occurs, the related port is automatically disabled and must be re-enabled
using the portEnable command.
Proxy device access cannot be managed using a DCC policy in a secure fabric. Proxy devices are
always granted full access, even if the DCC policy has an entry that restricts or limits access of a
proxy device.
To create a DCC policy
1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.
2. Type secPolicyCreate “DCC_POLICY_nnn”, “member;...;member.
DCC_POLICY_nnn is the name of the DCC policy to be created; nnn is a string consisting of up
to 19 alphanumeric or underscore characters to differentiate it from any other DCC policies.
member contains device or switch port information: deviceportWWN;switch(port):
- deviceportWWN is the WWN of the device port.
TABLE 13 DCC Policy States
Policy State Characteristics
No policy Any device can connect to any switch port in the fabric.
Policy with no entries Any device can connect to any switch port in the fabric. An empty policy is the
same as no policy.
Policy with entries If a device WWN is specified in a DCC policy, that device is only allowed access to
the fabric if connected to a switch port listed in the same policy.
If a switch port is specified in a DCC policy, it only permits connections from
devices that are listed in the policy.
Devices with WWNs that are not specified in a DCC policy are allowed to connect
to the fabric at any switch ports that are not specified in a DCC policy.
Switch ports and device WWNs may exist in multiple DCC policies.
Proxy devices are always granted full access and can connect to any switch port
in the fabric.