Brocade Web Tools Administrator's Guide - Supporting Fabric OS v7.0.0 (53-1002152-01, March 2012)
Chapter 16
Configuring Standard Security Features
In this chapter
• User-defined accounts
• User-defined roles
• Access control list policy configuration
• Fabric-Wide Consistency Policy configuration
• Authentication policy configuration
• SNMP configuration
• RADIUS management
• Active Directory service management
• IPsec concepts
• IPsec over FCIP
• IPsec over management ports
• Establishing authentication policies for HBAs
User-defined accounts
In addition to the default accounts—root, factory, admin, and user—Fabric OS v7.0.0 supports up to
256 user-defined accounts in each logical switch (domain). These accounts expand your ability to
track account access and audit administrative activities.
When the Virtual Fabrics capability is enabled, each user-defined account is associated with the
following:
• Virtual Fabric ID—Specifies the accessible Virtual Fabrics for a user account.
• Home Virtual Fabric—Specifies the default Virtual Fabric for a user account.
• Role—Determines functional access levels within the Virtual Fabric.
When the Admin Domain capability is enabled, each user-defined account is associated with the
following:
• Admin Domain list—Specifies the accessible Admin Domains for a user account.
• Home Admin Domain—Specifies the default Admin Domain for a user account. The home
Admin Domain must be a member of the user’s Admin Domain list.
• Role—Determines functional access levels within the bounds of the user’s current Admin
Domain.
NOTE
Virtual Fabrics and Admin Domains are mutually exclusive.