Identifying Policy Members; Acl Policy Management; Valid Methods For Specifying Policy Members - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

When a policy is activated, the defined policy either replaces the policy with the same name in the active
set or becomes a new active policy. If a policy appears in the defined set but not in the active set, the
policy was saved but has not been activated. If a policy with the same name appears in both the defined
and active sets but they have different values, the policy has been modified but the changes have not been
activated.
Admin Domain considerations: ACL management can be done on AD255 and in AD0 only if other there
are no user-defined Admin Domains. Both AD0 (when no other user-defined Admin Domains exist) and
AD255 provide an unfiltered view of the fabric.

Identifying policy members

Specify the FCS, DCC and SCC policy members by device port WWN, switch WWN, Domain IDs, or
switch names, depending on the policy. The valid methods for specifying policy members are listed in
Table 24.
Table 24

Valid methods for specifying policy members

Policy name
FCS_POLICY
DCC_POLICY_nnn
SCC_POLICY

ACL policy management

All policy modifications are saved in volatile memory until those changes are saved or activated. You can
create multiple sessions to the switch from one or more hosts. It is recommended to make changes from one
switch only to avoid having multiple transactions from occurring.
The FCS, SCC and DCC policies in Secure Fabric OS are not interchangeable with Fabric OS FCS, SCC
and DCC policies. Uploading and saving a copy of the Fabric OS configuration after creating policies is
recommended. For more information on configuration uploads, see the
Configuration File" on page 139.
Use the secPolicyShow command to display the active and defined policy sets. You can view the active
an defined policy sets at any time.
NOTE: Note that in a defined policy set, policies created in the same login session also appear but these
policies are automatically deleted if you log out without saving.
NOTE: All changes, including the creation of new policies, are saved and activated on the local switch
only—unless the switch is in a fabric that has a strict or tolerant fabric-wide consistency policy for the ACL
policy type for SCC or DCC. See
the database settings and fabric-wide consistency policy.
Use the instructions in the following sections to manage common settings between two or more of the DCC,
FCS, and SCC policies. For instructions relating to a specific policy, see the appropriate section:
• "Displaying ACL
Displays a list of all active and defined ACL policies on the switch.
• "ACL policy
Save changes to memory without actually implementing the changes within the fabric or to the switch.
This saved but inactive information is known as the defined policy set. Simultaneously save and
implement all the policy changes made since the last time changes were activated. The activated
policies are known as the active policy set. Delete an entire policy; deleting a policy opens up that
aspect of the fabric to all access.
108 Configuring advanced security features
Device port
WWN
No
Yes
No
"Distributing the policy
policies" on page 109
modifications" on page 1 16
Switch Domain ID
WWN
Yes Yes
Yes Yes
Yes Yes
database" on page 129 for more information on
Switch
name
Yes
Yes
Yes
"Maintaining the Switch