Secpolicyadd - Brocade Communications Systems 8 Command Reference Manual


secPolicyAdd

Adds members to an existing security policy.
Synopsis
secpolicyadd "name", "member[;member...]"
Description
Use this command to add one or more members to an existing access policy.
Each policy corresponds to a management method. The list of members of a policy acts as an
access control list for that management method. Before a policy is created, there is no
enforcement for that management method; all access is granted. After a policy has been created
and a member has been added to the policy, that policy becomes closed to all access except from
included members. If all members are then deleted from the policy, all access is denied for that
management method (the DCC_POLICY is an exception).
Attempting to add a member that is already in the policy causes this command to fail.
In a Virtual Fabric Environment, when you create a DCC lockdown policy on a logical switch, the
DCC policy is created for each port in the chassis, even though the ports are not currently present
in the local logical switch. This is done to provision the DCC policy for the ports that may be moved
later. If a policy seems stale at any point, use secPolicyDelete to remove all stale DCC policies.
Fabric-wide consistency policies can be configured on a per logical switch basis, which applies the
FCS policy to the corresponding fabric connecting to the logical switch. Automatic policy distribution
for DCC, SCC and FCS remains unchanged in Fabric OS v6.2.0 and can be configured on a per
logical switch basis.
Notes
When an FCS policy is enabled, this command can be issued only from the Primary FCS switch. The
secpolicyadd command can be issued on all switches for SCC and DCC policies as long as a
fabric-wide consistency policy is not set for the particular policy.
Do not add the WWNs of front or translate (xlate) domains to the FCS policy if the edge fabric is
connected to an FC Router.
Backup FCS switches typically cannot modify the policy. However, if the Primary FCS switch in the
policy list is not reachable, then a backup FCS switch is allowed to modify the policy. If all the
reachable backup FCS switches are running pre-v5.3.0 versions of Fabric OS, a non-FCS v5.3.0
switch is allowed to modify the policy so that a new switch can be added to the policy.
The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may
be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command
Availability" for details.
Operands
This command has the following operands:
"name"
Specify the name of an existing policy to which you want to add members.
Valid values for this operand are:
DCC_POLICY_nnn
FCS_POLICY
SCC_POLICY
The specified policy name must be capitalized.
The DCC_POLICY_nnn name has the common prefix DCC_POLICY_ followed
by a string of user-defined characters. These characters do not have to be
capitalized like regular policy names, but they are case-sensitive.

Fabric OS Command Reference
53-1001764-02
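The following is an added example, not part of the Brocade manual or Fabric OS: an offline Python model of the access rules in the Description and the name rules under Operands, useful for checking a planned change before it is typed on a switch. The class and method names, the characters allowed in a DCC_POLICY_ suffix, the all-or-nothing handling of a failed add, and the sample WWNs in the comments are assumptions made for illustration.

```python
import re

# Name rules from the Operands section: the fixed names are upper case;
# DCC_POLICY_ takes a user-defined, case-sensitive suffix.
# Assumption: the suffix is non-empty and has no whitespace, quote or comma.
NAME_RE = re.compile(r'^(FCS_POLICY|SCC_POLICY|DCC_POLICY_[^\s",]+)$')


class PolicyError(ValueError):
    """Raised where the documented command would be rejected."""


class PolicyModel:
    """Offline model of the documented ACL semantics (hypothetical helper)."""

    def __init__(self):
        self.policies = {}  # policy name -> ordered list of members

    def create(self, name, members=()):
        # An empty member list stands for a policy whose members were all deleted.
        if not NAME_RE.match(name):
            raise PolicyError(f"invalid policy name: {name!r}")
        self.policies[name] = list(members)

    def add(self, name, members):
        """Mirror secpolicyadd "name", "member[;member...]"."""
        if name not in self.policies:
            raise PolicyError(f"policy does not exist: {name!r}")
        staged = []
        for m in (x for x in members.split(";") if x):
            # Adding a member that is already in the policy fails the command.
            if m in self.policies[name] or m in staged:
                raise PolicyError(f"already a member: {m}")
            staged.append(m)
        self.policies[name].extend(staged)  # assumption: applied all-or-nothing

    def access(self, name, member):
        """Return True or False, or None where the page gives no detail."""
        if name not in self.policies:
            return True               # no policy yet: no enforcement
        current = self.policies[name]
        if current:
            return member in current  # closed to all but listed members
        if name.startswith("DCC_POLICY"):
            return None               # documented exception, not detailed here
        return False                  # emptied policy: all access denied

# Constructed sample members look like "10:00:00:00:00:00:00:01".
```

A result of False from access() for every member of an existing, empty policy marks the lockout state for that management method, so a change plan that empties a policy is worth flagging before it is applied.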
