Fabric OS 5.2.x administrator guide 245
CAUTION:
If Security is enabled via the CLI in the FICON environment, then you should use the following
syntax for the
secModeEnable
command:
secmodeenable --lockdown=scc --currentpwd --fcs “*”
Issuing the
secModeEnable
command as it appears above enables security and creates an SCC policy
with all of the switches that currently reside in the fabric. It will also use the current password as the
password for all available accounts on the switch.
Also, if you intend to use the
secModeEnable
--quickmode
command, device connection control
(DCC) policies are created for every port; this is not required for cascaded FICON configurations. These
DCC policies in a cascaded configuration lock down the ports because no devices are logged into them
before the command is executed, so no device can connect to these ports until you specifically add them to
the DCC policy. If you issued the
secModeEnable
--quickmode
command, the best solution is to
delete the DCC policies that were created.
Be sure not to delete the SCC policy, which is required for FICON cascaded configurations.
5.
Connect and enable channel and control unit (CU) devices. The Query for Security Attributes (QSA)
response to the channel indicates that the fabric binding and IDID are enabled.
Figure 16
shows one viable cascaded configurations. These configurations require Channel A to be
configured for two-byte addressing and require IDID and fabric binding. There can be only two switches in
the path from the channel to the control unit.
Figure 16
Cascaded configuration, two switches
Figure 17
Cascaded configuration, three switches
Setting a unique domain ID
In a cascaded configuration, each switch must have a unique domain ID, and insistent domain ID (IDID)
mode must be enabled. To set a unique domain ID and enable IDID mode, complete the following steps:
1.
Connect to the switch and log in as
admin
.
2.
Verify that the switch has a unique domain ID. If it does not, set a unique domain ID.
For instructions on displaying and changing the domain ID, refer to
Working with domain IDs
,
page 37.
3.
Enter the
switchDisable
command to disable the switch.
4.
Enter the
configure
command.
5.
Press
y
after the Fabric Parameters prompt.
6.
To enable IDID mode, press
y
after the “Insistent Domain ID Mode” prompt.
(You can disable this mode by pressing
n
.)
Channel
A
Control
Unit
B
Switch
Domain ID = 21
Switch
Domain ID = 22
Channel
A
Control
Unit
C
Control
Unit
D
Switch
Domain ID = 23
Switch
Domain ID = 21
Switch
Domain ID = 22
Содержание AE370A - Brocade 4Gb SAN Switch 4/12
Страница 1: ...HP StorageWorks Fabric OS 5 2 x administrator guide Part number 5697 0014 Fifth edition May 2009 ...
Страница 18: ...18 ...
Страница 82: ...82 Managing user accounts ...
Страница 102: ...102 Configuring standard security features ...
Страница 126: ...126 Maintaining configurations ...
Страница 198: ...198 Routing traffic ...
Страница 238: ...238 Using the FC FC routing service ...
Страница 260: ...260 Administering FICON fabrics ...
Страница 280: ...280 Working with diagnostic features ...
Страница 332: ...332 Administering Extended Fabrics ...
Страница 414: ...398 Configuring the PID format ...
Страница 420: ...404 Configuring interoperability mode ...
Страница 426: ...410 Understanding legacy password behaviour ...
Страница 442: ...426 ...
Страница 444: ......
Страница 447: ......