Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)
76 Secure Fabric OS Administrator’s Guide
53-1000244-02
4
Secure mode cannot be
enabled because of the
password management
policy setting is not the
default value.
A switch has non-default
values for one or more of the
password management
policy settings.
Only the password management policy default values
are supported by secure mode. On each switch
restore the password policy settings to the default
values by running passwdcfg --setdefault.
One or more switches is
segmented from the
fabric.
Note: For instructions on
rejoining fabrics, refer to
the instructions in “Adding
Switches and Merging
Fabrics with Secure Mode
Enabled” on page 70.
SCC_POLICY is excluding the
segmented switches.
Use the secPolicyAdd command on the primary FCS
switch to add the switches to the SCC_POLICY.
Management server services
on the segmented switches
are inconsistent with rest of
fabric.
Ensure that the Management Server Platform Service
is consistently enabled or disabled across all the
switches in the fabric. For information about the
management server support provided by Fabric OS,
refer to the Fabric OS Command Reference.
The segmented switches are
missing PKI objects.
Determine the status of the PKI objects by following
the procedure in “Verifying the Digital Certificate” on
page 10. If any objects are missing, replace as
described in “Creating PKI Objects” on page 11.
ISLs to the segmented
switches are interrupted or a
port failure occurred.
Check the hardware connections and the port status
for all ISLs between the segmented switches and the
fabric.
Configurations of the
segmented switches
diverged from rest of the
fabric.
Disable the segmented switches, reset the
configuration parameters to match the rest of the
fabric, and reenable the switches.
FCS policies on the
segmented switches are not
identical to the FCS policy of
the fabric.
If one or more switches is segmented without any
FCS switches, enter the secModeEnable command
on a segmented switch and specify an FCS policy that
is identical to the FCS policy of the rest of the fabric.
The segmented switch or group of switches
automatically fastboot.
If one or more switches is segmented along with a
primary FCS switch, modify the FCS policy as required
until it is identical to the FCS policy in the rest of the
fabric.
The fabric contains more
than one version stamp.
Might be due to no primary
FCS switch being available to
propagate changes across
fabric.
Type the secModeEnable command to specify a new
primary FCS switch. Specify adequate backup FCS
switches to prevent a recurrence. Then, for each
segmented portion of the fabric that does not contain
the new primary FCS switch, reset the version stamp
to 0 by entering switchDisable, secVersionReset, and
switchEnable.
When the SCC policy is
created after a fabric
segmentation, it
automatically includes the
segmented FCS switches.
The segmented FCS
switches are still listed in the
FCS policy.
Modify FCS policy to remove segmented FCS
switches; then, modify or create the SCC policy as
required.
Passwords that should be
consistent across the
fabric are not consistent.
A password recovery
operation might have been
performed on one or more
switches.
To make the passwords consistent, log in to the
switch that had the password recovered and enter
the switchDisable command, followed by
secVersionReset and switchEnable.
TABLE 19 Recovery Processes (Continued)
Symptom Possible Causes Recommended Actions