Fabric OS Command Reference
893
53-1001764-01
secPolicyCreate
2
secpolicycreate
DCC_POLICY "*" may be used to indicate DCC lockdown. This
command creates a unique policy for each port in the fabric locking it down to the
device connected or creating an empty policy to disallow any device to be
connected to it. This can be done only when there are no other DCC policies
defined on the switch. The switch must be in an enabled state for DCC lockdown
to succeed. On a disabled switch, executing
secpolicycreate
DCC_POLICY "*"
will not create any DCC policies.
"
member
"
Specify one or more members to be included in the security policy. The member
list must be enclosed in double quotation marks and members separated by
semicolons. The member list must be separated from the name field by a comma
and a space. Depending on the policy type, members are specified as follows:
DCC_POLICY Members
The DCC_Policy_
nnn
is a list of devices associated with a specific switch and port
index combination. An empty DCC_POLICY does not stop access to the switch.
The device is specified by its port WWN. The switch and port combination must be
in the switch
port
format.
switch
can be specified using a WWN, domain, or switch name.
port
can be specified by port numbers separated by commas and enclosed in
either brackets or parentheses: for example, (2, 4, 6). Ports enclosed in brackets
include the devices currently attached to those ports.
The following examples illustrate several ways to specify the port values:
(1-6)
Selects ports 1 through 6.
(*)
Selects all ports on the switch.
[3, 9]
Selects ports 3 and 9 and all devices attached to those ports.
[1-3, 5]
Selects ports 1 through 3 and 5 and all devices attached to those ports.
[*]
Selects all ports on the switch and devices currently attached to those ports.
SCC_POLICY and FCC_POLICY Members
This policy type requires member IDs to be specified as WWN strings, domains,
or switch names. If domain or switch names are used, the switches associated
must be present in the fabric or the command fails.
To add all switches in the current fabric as members of the policy, enter an
asterisk enclosed in quotation marks (*) as the member value. This feature cannot
be used by the other security commands.
EXAMPLES
To create an FCS policy (While creating the FCS policy, the local switch WWN is automatically included
in the list. Switches included in the FCS list are FCS switches and the remaining switches in the fabric
are non-FCS switches. Out of the FCS list, the switch that is in the first position becomes the Primary
FCS switch and the remaining switches become backup FCS switches. If the first switch in the FCS list is
not reachable, the next switch becomes the Primary):
primaryfcs:admin>
secpolicycreate "FCS_POLICY", "3; 4"
FCS_POLICY has been created.
Содержание Fabric OS v7.0.1
Страница 1: ...53 1002447 01 15 December 2011 Fabric OS Command Reference Supporting Fabric OS v7 0 1 ...
Страница 6: ...vi Fabric OS Command Reference 53 1002447 01 ...
Страница 30: ...4 Fabric OS Command Reference 53 1002447 01 Using the command line interface 1 ...
Страница 118: ...92 Fabric OS Command Reference 53 1001764 01 ceePortLedTest 22 ceePortLedTest DESCRIPTION See portLedTest SEE ALSO None ...
Страница 270: ...244 Fabric OS Command Reference 53 1001764 01 exit 22 exit DESCRIPTION See logout SEE ALSO None ...
Страница 1132: ...1106 Fabric OS Command Reference 53 1002447 01 General Fabric OS commands and permissions A ...