132 Managing administrative domains
Admin domains and login
You are always logged in to an Admin Domain, and you can view and modify only the devices in that
Admin Domain.
If you have access to more than one Admin Domain, one of them will have been specified as your “home
Admin Domain,” the one you are automatically logged in to. If your home Admin Domain is deleted or
deactivated, then by default you are logged in to the lowest numbered active Admin Domain in your
Admin Domain List. The home Admin Domain, like the Admin Domain list, is a configurable property of a
non-default user account. Here is some information about AD accounts:
•
You can log in to only one Admin Domain at a time. You can later change the Admin Domain to which
you are logged in (see
”
Switching to a different Admin Domain context
” on page 144).
•
For default accounts such as admin and user, the home Admin Domain defaults to AD0 and cannot be
changed.
•
The Admin Domain list for the default admin account is 0–255, which gives this account automatic
access to any Admin Domain as soon as the domain is created, and makes this account a physical
fabric administrator.
•
The Admin Domain list for the default user account is AD0 only.
•
For user-defined accounts, the home Admin Domain also defaults to AD0 but an administrator can set
the home Admin Domain to any Admin Domain to which the account has been given access.
•
If you are in any Admin Domain context other than AD0, the Admin Domain is included in your
prompt. The following are example prompts for when you are in the AD0, AD1, and AD255 contexts,
respectively:
Admin domain member types
You define an Admin Domain by identifying members of that domain. Admin Domain members can be
devices, switch ports, or switches. Defining these member types is similar to defining a traditional zone
member type. An Admin Domain does not require or have a new domain ID or management IP address
linked to it.
The following sections describe these member types in more detail.
Device members
Device members are defined by the device World Wide Name (WWN). A device member:
•
Can be either a device port WWN or device node WWN.
•
Can be a physical or virtual device, such as an FCR Proxy device.
•
Grants view access to the device and zoning rights.
•
Provides a pure virtual view. The cabling and switch port diagnostics and control is done by the
physical fabric administrator.
View rights are also granted to the switch port to which the device is attached.
Port control is provided only through switch port membership and is not provided for device members.
When you create an Admin Domain, the end device members do not have to be online, even though their
WWNs are used in the Admin Domain definition. The physical fabric administrator performs cabling and
switch port diagnostics and control.
You can share device members across multiple Admin Domains. You can also zone shared devices
differently in each Admin Domain. A device WWN member does not automatically grant usage of
corresponding (domain, port) members in the zone configuration. If you specify a device WWN member
in the Admin Domain member list, zone enforcement ignores zones with the corresponding port (the port to
which the device is connected) member usage.
sw5:admin>
sw5:AD1:admin>
sw5:AD255:admin>
Summary of Contents for AE370A - Brocade 4Gb SAN Switch 4/12
Page 18: ...18 ...
Page 82: ...82 Managing user accounts ...
Page 102: ...102 Configuring standard security features ...
Page 126: ...126 Maintaining configurations ...
Page 198: ...198 Routing traffic ...
Page 238: ...238 Using the FC FC routing service ...
Page 260: ...260 Administering FICON fabrics ...
Page 280: ...280 Working with diagnostic features ...
Page 332: ...332 Administering Extended Fabrics ...
Page 414: ...398 Configuring the PID format ...
Page 420: ...404 Configuring interoperability mode ...
Page 426: ...410 Understanding legacy password behaviour ...
Page 442: ...426 ...
Page 444: ......
Page 447: ......