Configuring Advanced Security; About Access Control List (Acl) Policies; How The Acl Policies Are Stored - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

HP StorageWorks Fabric OS 5.3.x administrator guide (5697-0244, November 2009)

6 Configuring advanced security

This chapter provides information and procedures for configuring the advanced Fabric OS 5.2.x security
feature, Access Control List (ACL) policies, for FC port and switch binding.
NOTE:
Run all commands in this chapter while logged in to Administrative Domain (AD) 255 or, if
Administrative Domains have not been implemented, while logged in to AD 0.
For information about licensed security features available in Secure Fabric OS, see the Secure Fabric OS
Administrator's Guide.

About access control list (ACL) policies

Fabric OS provides the following policies:
Fabric Configuration Server (FCS) policy—Used to restrict which switches can change the
configuration of the fabric.
Device Connection Control (DCC) policies—Used to restrict which Fibre Channel device ports can
connect to which Fibre Channel switch ports.
Switch Connection Control (SCC) policy—Used to restrict which switches can join with a switch.
IP Filter (IPFilter) policy—Used to filter traffic based on IP addresses.
Each supported policy is identified by a specific name, and only one policy of each type can exist (except
for DCC policies). Policy names are case sensitive and must be entered in all uppercase.

How the ACL policies are stored

The policies are stored in a local database. The database contains the ACL policy types FCS, DCC,
SCC, and IPFilter. The policies are grouped by state and type.
A policy can be in one of the following states:
Active—The policy is being enforced by the switch.
Defined—The policy has been set up but is not enforced.
A group of policies is called a Policy Set.
Each switch has the following two sets:
Active policy set—Contains ACL policies being enforced by the switch.
Defined policy set—Contains a copy of all ACL policies on the switch.
When a policy is activated, the defined policy either replaces the policy with the same name in the active
set or becomes a new active policy. If a policy appears in the defined set but not in the active set, the
policy was saved but has not been activated. If a policy with the same name appears in both the defined
and active sets but they have different values, then the policy has been modified but the changes have not
been activated.
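
The comparison described above, between the defined and active policy sets, can be scripted when auditing whether a switch is enforcing what was configured. The following Python sketch is an added example, not part of the HP guide; the policy names and member strings are constructed sample data, and exporting the two sets from the switch is assumed to have been done separately.

```python
# Constructed sample data: policy name -> set of member strings. The names
# and members are illustrative, not output captured from a switch.
DEFINED = {
    "SCC_POLICY": {"sw-wwn-1", "sw-wwn-2", "sw-wwn-3"},
    "FCS_POLICY": {"sw-wwn-1"},
    "DCC_POLICY_HOST1": {"dev-wwn-9;port-3"},
}
ACTIVE = {
    "SCC_POLICY": {"sw-wwn-1", "sw-wwn-2"},
    "FCS_POLICY": {"sw-wwn-1"},
}


def pending_changes(defined, active):
    """Classify each policy by comparing the defined and active policy sets."""
    report = {}
    for name in sorted(set(defined) | set(active)):
        if name not in active:
            # In the defined set only: saved but never activated.
            report[name] = "saved, not activated"
        elif name not in defined:
            # Case not covered by the guide text; flagged for manual review.
            report[name] = "active only, review"
        elif defined[name] != active[name]:
            # Same name, different values: edits are waiting for activation.
            added = sorted(defined[name] - active[name])
            removed = sorted(active[name] - defined[name])
            report[name] = f"modified, not activated (+{added} -{removed})"
        else:
            report[name] = "in sync"
    return report


def activate(defined, active):
    """Model activation: each defined policy replaces the active policy of
    the same name or becomes a new active policy."""
    new_active = {name: set(members) for name, members in active.items()}
    for name, members in defined.items():
        new_active[name] = set(members)
    return new_active


if __name__ == "__main__":
    for name, state in pending_changes(DEFINED, ACTIVE).items():
        print(f"{name}: {state}")
```

Any policy not reported as "in sync" is one where the switch is enforcing something other than the saved configuration.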