Brocade Fabric OS Command Reference Guide v6.1.0 (53-1000599-02, June 2008)

Table Of Contents
570 Fabric OS Command Reference
53-1000599-02
secPolicyAdd
2
secPolicyAdd
Adds members to an existing security policy.
Synopsis secpolicyadd “name”, “member[;member...]”
Description Use this command to add one or more members to an existing access policy. The new members
must not already be members within the policy or the command fails.
Each policy corresponds to a management method. The list of members of a policy acts as an
access control list for that management method. Before a policy is created, there is no
enforcement for that management method; all access is granted. After a policy has been created
and a member has been added to the policy, that policy becomes closed to all access except from
included members. If all members are then deleted from the policy, all access is denied for that
management method (the DCC_POLICY is an exception).
Notes When FCS Policy is enabled, this command can be issued only from the Primary FCS switch. The
secpolicyadd command can be issued on all switches for SCC and DCC policies as long as
fabric-wide consistency policy is not set for the particular policy.
Do not add the WWNs of front or translate (xlate) domains to the FCS policy if the edge fabric is
connected to an FC Router.
backup FCS switches typically cannot modify the policy. However, if the Primary FCS switch in the
policy list is not reachable, then a backup FCS switch is allowed to modify the policy. If all the
reachable backup FCS switches are running pre-v5.3.0 versions of Fabric OS, a non-FCS v5.3.0
switch is allowed to modify the policy so that a new switch can be added to the policy.
The execution of this command is subject to Admin Domain restrictions that may be in place. Refer
to chapter 1, "Understanding Admin Domain Restrictions" and Appendix A, "Command Availability"
for details.
Operands This command has the following operands:
name Specify the name of an existing policy to which you want to add members
.
Valid values for this operand are:
DCC_POLICY_nnn
FCS_POLICY
SCC_POLICY
The specified policy name must be capitalized.
The DCC_POLICY_nnn name has the common prefix DCC_POLICY_ followed
by a string of user-defined characters. These characters do not have to be
capitalized like regular policy names, but they are case-sensitive.
member Specify a list of one or more member switches for the security policy. The
members must be enclosed in quotation marks and separated by
semicolons. Depending on the policy type, members can be specified by IP
address, WWN, domain, switch name, or other.
WWN Member Policy Types