Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

Creates and activates the FCS policy.
Distributes the policy set (initially consisting of only the FCS policy) to all switches in the fabric.
Activates and distributes the local zoning configurations.
Fastboots any switches needing a reboot to bring the fabric up in secure mode. (Switches running Fabric OS v3.2.x, v4.4.x, v5.0.1, v5.1.0, v5.2.0, and v5.3.0 are not rebooted when secure mode is enabled.)
NOTE
Run secFabricShow to verify that all switches in the fabric are in a “Ready” state before running any commands that change security policies, passwords, or SNMP.
By default, the only policy created is the FCS policy. This policy is implemented; no other Secure Fabric OS-related changes occur to the fabric. Other Secure Fabric OS policies can be created after the fastboots are complete.
Run secModeEnable from a Fabric OS v2.6.1, v3.1.x, v4.1.x, and v4.2.x switch to distribute all default account passwords to all other switches in the fabric. In addition, Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, v5.2.0, and v5.3.0 switches back up existing MUAs and remove them from the existing password database.
Run secModeEnable from a Fabric OS v3.2.0, v4.4.0, v5.0.1, or v5.1.0 switch to distribute all default account passwords and MUA information to all other Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, and v5.2.0 switches in the fabric. Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, and v5.2.0 switches back up their own existing MUAs and remove them from the existing password database. Fabric OS v2.6.1, v3.1.x, v4.1.x, and v4.2.x switches receive the default account distribution only.
Fabric OS v3.2.x, v4.4.x, v5.0.1, v5.1.0, and v5.2.0 provide two secModeEnable options. The default option prompts for new passwords for all default accounts and leaves the MUA passwords unchanged before distribution to other switches in the fabric. The other option, --currentpwd, suppresses the prompt for new default account passwords; the existing default account passwords and MUA passwords on the primary FCS switch are distributed to the rest of the fabric. In either case, the command backs up and deletes all MUAs on a receiving switch that differ from the ones on the primary FCS switch. Depending on whether optional arguments are specified, the command also might request new passwords for secure mode.
CAUTION
Placing the two switches of a two-domain Brocade 24000 in separate fabrics is not supported if secure mode is enabled on one or both switches.
The following restrictions apply when secure mode is enabled:
Standard telnet cannot be used after secure mode is enabled; however, sectelnet can be used as soon as a digital certificate is installed on the switch. SSH can be used at any time. Telnet sessions opened prior to issuing secModeEnable remain open if secure mode is enabled using the option to preserve passwords. If telnet use is to be completely prohibited, the telnet protocol should be disabled on each switch, using the configure command, prior to enabling secure mode.
Several commands can be entered only from the FCS switches. See “Command Restrictions in Secure Mode” on page 86 for a list of these commands.