Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

Appendix A: Removing Secure Fabric OS Capability
You cannot remove Secure Fabric OS capability from a fabric by disabling secure mode and
deactivating the Secure Fabric OS license keys on the individual switches. Removing Secure Fabric
OS capability is not recommended unless absolutely required. If at all possible, consider disabling
only secure mode and leaving the Secure Fabric OS feature available so that secure mode can be
reenabled if desired.
One possible reason for disabling secure mode or removing Fabric OS capability is the
addition of new switches to the fabric that do not support Secure Fabric OS.
Disabling secure mode includes the following tasks:
• Preparing the Fabric for Removal of Secure Fabric OS Policies
• Disabling Secure Mode
In addition, undertake the following tasks if desired:
Preparing the Fabric for Removal of Secure Fabric OS Policies
NOTE
This section provides general recommendations only. For best-practice information, refer to the
SOLUTIONware and other documentation provided on the Brocade Partner Web site.
The following tasks are recommended to prepare the fabric before disabling secure mode:
• Review the current Secure Fabric OS policies and the devices and users affected by each
  policy. The current policy set can be displayed by entering the secPolicyDump command.
• Review the types of attempted policy violations that have been occurring. The current Secure
  Fabric OS statistics can be displayed by entering the secStatsShow command.
• Evaluate the zoning configuration and other aspects of the fabric for any changes that could be
  implemented to decrease the chance of security violations when Secure Fabric OS is disabled.
• Educate users to minimize security risks and the impact of any security violations.
Disabling Secure Mode
Secure mode is enabled and disabled on a fabric-wide basis and can be enabled and disabled as
often as desired. However, all Secure Fabric OS policies, including the FCS policy, are deleted each
time secure mode is disabled and must be re-created the next time it is enabled. The policies can
be backed up using the configUpload and configDownload commands. For more information about
these commands, refer to the Fabric OS Command Reference.
Secure mode can be disabled only through a sectelnet, SSH, or serial connection to the primary
FCS switch. When secure mode is disabled, all temporary passwords are reset and the
corresponding login sessions are automatically terminated, but traffic is not disrupted.