Fcs Policy Restrictions; Overview Of Fcs Policy Management; Switch Operations - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual
Hp storageworks fabric os 6.2 administrator guide (5697-0016, may 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Administrator's manual (518 pages) ,
- Hardware reference manual (256 pages) ,
- User manual (248 pages)
Table of Contents
Advertisement
fabric and not to pre-5.2.0 switches. Fabric OS 5.2.0 switches receive the distribution and will ignore
the FCS database.
FCS policy restrictions
The backup FCS switches normally cannot modify the policy. However, if the Primary FCS switch in the
policy list is not reachable, a backup FCS switch is allowed to modify the policy.
Once an FCS policy is configured and distributed across the fabric, only the Primary FCS switch can
perform certain operations. Operations that affect fabric-wide configuration are allowed only from the
Primary FCS switch. Backup and non-FCS switches cannot perform security, zoning, and AD operations
that affect the fabric configuration. The following error message is returned if a backup or non-FCS switch
tries to perform these operations.
Can only execute this command on the Primary FCS switch.
Operations that do not affect the fabric configuration, such as show or local switch commands, are
allowed on backup and non-FCS switches.
FCS enforcement applies only for user-initiated fabric-wide operations. Internal fabric data propagation
because of a fabric merge is not blocked. Consequently, a new switch that joins the FCS-enabled fabric
could still propagate the AD and zone database.
Table 27
shows the commands for switch operations for Primary FCS enforcement.
Table 27
Switch operations
Allowed on FCS switches
secPolicyAdd (Allowed on all switches for SCC
and DCC policies as long as it is not fabric-wide)
secPolicyCreate (Allowed on all switches for
SCC and DCC policies as long as it is not
fabric-wide)
secPolicyDelete (Allowed on all switches for
SCC and DCC policies as long as its not
fabric-wide)
secPolicyRemove (Allowed on all switches for
SCC and DCC policies as long as its not
fabric-wide)
fddCfg –-fabwideset
Any fabric-wide commands
All zoning commands except the show commands
All AD commands
FCS enforcement does not apply to pre-5.3.0 switches and they will be able to initiate all operations.
Overview of FCS policy management
Whether your intention is to create new FCS policies or manage your current FCS policies, you must follow
certain steps to ensure that the domains throughout your fabric have the same policy.
NOTE:
The local-switch WWN cannot be deleted from the FCS policy.
1.
Set the pre-5.3.0 switches in the fabric to accept the FCS policy using the fddCfg
or fddCfg
2.
Create the FCS policy using the secPolicyCreate command.
120 Configuring advanced security features
localreject command.
--
Allowed on all switches
secPolicyShow
fddCfg –-localaccept or fddCfg
--localreject
userconfig, Passwd, Passwdcfg (Fabric-wide
distribution is not allowed from a backup or
non-FCS switch.)
secPolicyActivate
secPolicySave
secPolicyAbort
SNMP commands
configupload
Any local-switch commands
Any AD command that does not affect fabric-wide
configuration
localaccept
--
Hide quick links:
Advertisement
Table of Contents
