Identifying Policy Members; Configuring Acl Policies; Valid Methods For Specifying Policy Members - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

and active sets but they have different values, then the policy has been modified but the changes have not
been activated.
Admin Domain considerations: ACL management can be done on AD255 and in AD0 only if other
there are no user-defined Admin Domains. Both AD0 (when no other user-defined Admin Domains exist)
and AD255 provide an unfiltered view of the fabric.

Identifying policy members

Specify the FCS, DCC and SCC policy members by device port WWN, switch WWN, Domain IDs, or
switch names, depending on the policy. The valid methods for specifying policy members are listed in
Table 24.
Table 24

Valid methods for specifying policy members

Policy name
FCS_POLICY
DCC_POLICY_nnn
SCC_POLICY

Configuring ACL policies

All policy modifications are saved in volatile memory until those changes are saved or activated. You can
create multiple sessions to the switch from one or more hosts. It is recommended to make changes from one
switch only to avoid having multiple transactions from occurring.
The FCS, SCC and DCC policies in Secure Fabric OS are not interchangeable with Fabric OS FCS, SCC
and DCC policies. Uploading and saving a copy of the Fabric OS configuration after creating policies is
strongly recommended. Use the configUpload command to upload a copy of the configuration file. For
more information on how to use this command, see the
NOTE: All changes, including the creation of new policies, are saved and activated on the local switch
only—unless the switch is in a fabric that has a strict or tolerant fabric-wide consistency policy for the ACL
policy type for SCC or DCC. See
the database settings and fabric-wide consistency policy.
Use the instructions in the following sections to manage common settings between two or more of the DCC,
FCS, and SCC policies. For instructions relating to a specific policy, refer to the appropriate section.
• "Displaying ACL
Displays a list of all active and defined ACL policies on the switch.
• "Saving changes to ACL
Save changes to memory without actually implementing the changes within the fabric or to the switch.
This saved but inactive information is known as the "defined policy set."
• "Activating changes to ACL
Simultaneously save and implement all the policy changes made since the last time changes were
activated. The activated policies are known as the "active policy set."
• "Adding a member to an existing
Add one or more members to a policy. The aspect of the fabric covered by each policy is closed to
access by all devices and switches that are not listed in that policy.
• "Removing a member from an ACL
Remove one or more members from a policy. If all members are removed from a policy, that aspect of
the fabric becomes closed to all access.
• "Deleting an ACL
Delete an entire policy; deleting a policy opens up that aspect of the fabric to all access.
100 Configuring advanced security features
Device port Switch
WWN WWN
No Yes
Yes Yes
No Yes
"Distributing the policy
policies" on page 101
policies" on page 108
policies" on page 108
policy" on page 108
policy" on page 109
policy" on page 109
Domain ID Switch
name
Yes Yes
Yes Yes
Yes Yes
"Maintaining Configurations" on page 131.
database" on page 121 for more information on