Fabric OS 5.2.x administrator guide 103
5 Configuring advanced security
This chapter provides information and procedures for configuring the advanced Fabric OS 5.2.x security
feature, Access Control List (ACL) policies for FC port and switch binding.
NOTE: Run all commands in this chapter by logging in to Administrative Domain (AD) 255 or, if
Administrative Domains have not been implemented, by logging in to AD 0.
For information about licensed security features available in Secure Fabric OS, see the
Secure Fabric OS Administrator’s Guide.
About Access Control List (ACL) policies
Fabric OS provides the following policies:
• Device Connection Control (DCC) policies—Used to restrict which Fibre Channel device ports can
  connect to which Fibre Channel switch ports.
• Switch Connection Control (SCC) policy—Used to restrict which switches can join the switch.
Each supported policy is identified by a specific name, and only one policy of each type can exist (except
for DCC policies). Policy names are case sensitive and must be entered in all uppercase.
How the ACL policies are stored
The policies are stored in a local database. The database contains both ACL policy types (SCC and DCC).
The policies are grouped by state and type.
A policy can be in one of the following states:
• Active—The policy is being enforced by the switch.
• Defined—The policy has been set up but is not enforced.
A group of policies is called a Policy Set.
Each switch has the following two sets:
• Active policy set—Contains ACL policies being enforced by the switch.
• Defined policy set—Contains a copy of all ACL policies on the switch.
When you activate a policy, the defined policy either replaces the policy with the same name in the active
set or becomes a new active policy. If a policy appears in the defined set but not in the active set, the
policy was saved but has not been activated. If a policy with the same name appears in both the defined
and active sets but they have different values, then the policy has been modified but the changes have not
been activated.
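The comparison described above can be automated to spot policies whose saved changes are not yet enforced. The following is an added example, not taken from the Fabric OS documentation; the dictionary representation of the two policy sets, the function names, and the sample members are assumptions made for illustration.

```python
# Added example: classify ACL policies by comparing the defined and active sets.
# The dict-of-sets layout and all sample members are constructed for
# illustration; they are not Fabric OS command output.

def policy_type(name):
    """Return 'SCC', 'DCC', or None for a name this chapter does not allow."""
    if name != name.upper():
        return None  # policy names must be entered in all uppercase
    if name == "SCC_POLICY":
        return "SCC"
    if name.startswith("DCC_POLICY_") and len(name) > len("DCC_POLICY_"):
        return "DCC"
    return None

def classify(defined, active):
    """Map each policy name to its state using the defined/active rules."""
    report = {}
    for name in sorted(set(defined) | set(active)):
        if policy_type(name) is None:
            report[name] = "invalid name"
        elif name not in active:
            report[name] = "saved, not activated"
        elif name not in defined:
            # Case not described in this chapter; surfaced for manual review.
            report[name] = "active only (review)"
        elif set(defined[name]) != set(active[name]):
            report[name] = "modified, changes not activated"
        else:
            report[name] = "active, in sync"
    return report

# Constructed sample data (WWNs, domain IDs and switch names are made up).
DEFINED = {
    "SCC_POLICY": {"10:00:00:00:00:00:00:01", "3"},
    "DCC_POLICY_HOSTS": {"21:00:00:00:00:00:00:0a", "sw_edge1"},
    "DCC_POLICY_TAPE": {"21:00:00:00:00:00:00:0b"},
    "dcc_policy_test": {"4"},
}
ACTIVE = {
    "SCC_POLICY": {"10:00:00:00:00:00:00:01"},
    "DCC_POLICY_HOSTS": {"sw_edge1", "21:00:00:00:00:00:00:0a"},
}

if __name__ == "__main__":
    for name, state in classify(DEFINED, ACTIVE).items():
        print(f"{name}: {state}")
```

Any policy reported as "saved, not activated" or "modified, changes not activated" is not being enforced in its current defined form.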
Identifying policy members
Specify policy members by device port WWN, switch WWN, domain IDs, or switch names, depending
on the policy. The valid methods for specifying policy members are listed in Table 24.
Table 24 Valid methods for specifying policy members

Policy name      Device port WWN   Switch WWN   Domain ID   Switch name
DCC_POLICY_nnn   Yes               Yes          Yes         Yes
SCC_POLICY       No                Yes          Yes         Yes