Understanding Virtual Fabric Restrictions - Brocade Communications Systems A7533A - Brocade 4Gb SAN Switch Base Command Reference Manual
Brocade fabric os command reference manual v6.2.0 (53-1001186-01, april 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Reference manual (1240 pages) ,
- Command reference manual (816 pages) ,
- Reference (550 pages)
Table of Contents
Advertisement
1
Understanding Virtual Fabric restrictions
Appendix A, "Appendix A: Command availability"
place to validate command execution, and provides the RBAC permissions for the commands
included in this manual.
Additional command restrictions apply depending on whether Virtual Fabrics or Admin Domains are
enabled in a fabric.
NOTE
Virtual Fabrics and Admin Domains are mutually exclusive and are not supported at the same time
on a switch. To use Admin Domains, you must first disable Virtual Fabrics; to use Virtual Fabrics, you
must first delete all Admin Domains. Use ad --clear -f to remove all Admin Domains. Refer to the
Fabric OS Administrator's Guide for more information.
Understanding Virtual Fabric restrictions
In Fabric OS v6.2.0 and later, all commands are subject to additional RBAC enforcement with
regard to Virtual Fabric contexts and switch types. Commands can be executed in one or more of
the contexts described in
TABLE 2
Context type
Switch context
Chassis context
Switch and Chassis
context
Disallowed
Switch commands are further defined by the switch type restrictions as described in
Switch type restrictions are not applicable to commands that require chassis permissions.
TABLE 3
Switch Type
All Switches
Base Switch Only
Default Switch Only Command can be executed only on the default switch.
N/A
In a Virtual Fabric environment where contexts are enforced, the following Virtual Fabric restrictions
apply to the RBAC permissions specified in
on configuring user account access permissions in a Virtual Fabric environment.
•
Any given role is allowed to execute all switch commands to which the role is authorized in the
account's home context. The default home context is the default logical fabric FID 128.
•
You can change an account's home context to a specified FID and configure the account
permissions to access additional Logical Switches specified in the user's Fabric ID list.
2
DRAFT: BROCADE CONFIDENTIAL
Table
2. Execution of chassis commands requires chassis permissions.
Virtual Fabric contexts
Definition
Command applies to the current logical switch only, or to a
specified logical switch.
Command applies to the chassis on which it is executed.
Command can be executed in a logical switch context or in
a chassis context.
Command is not supported in Virtual Fabric mode.
Switch Types
Definition
Command can be executed in any switch context.
Command can be executed only on the base switch.
Command is a chassis command or not supported in
Virtual Fabric mode.
explains the Role-Based Access Control checks in
Table
1. Refer to userConfig help for more information
Table
3.
Fabric OS Command Reference
53-1001186-01
Hide quick links:
Advertisement
Table of Contents
