Fcs Policy Restrictions - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual
Hp storageworks fabric os 5.3.x administrator guide (5697-0244, november 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Administrator's manual (576 pages) ,
- Hardware reference manual (256 pages) ,
- User manual (248 pages)
Table of Contents
Advertisement
•
Distribution to pre-5.3.0 switches using the wild (*) character
When the wild card character is specified, distribution succeeds even if the fabric contains pre-5.3.0
switches. However, the FCS database will be sent only to switches with a Fabric OS of 5.2.0 or later in
the fabric and not to pre-5.2.0 switches. Fabric OS 5.2.0 switches receive the distribution and will
ignore the FCS database.
FCS policy restrictions
Back-up FCS switches normally cannot modify the policy. However, if the Primary FCS switch in the policy
list is not reachable, then a back-up FCS switch will be allowed to modify the policy.
The local-switch WWN cannot be deleted from the FCS policy.
Once an FCS policy is configured and distributed across the fabric, only the Primary FCS switch can
perform certain operations. Operations which affect fabric wide configuration are allowed only from the
Primary FCS switch. Backup and non-FCS switches cannot perform security, zoning and AD operations that
affect the fabric configuration. The following error message is returned if a backup or non-FCS switch tries
to perform these operations:
"Can only execute this command on the Primary FCS switch."
Operations that do not affect the fabric configuration, such as show or local switch commands, would be
allowed on back-up and non-FCS switches.
FCS enforcement applies only for user-initiated fabric wide operations. Internal fabric data propagation
because of a fabric merge is not blocked. Consequently, a new switch which joins the FCS enabled fabric
could still propagate the AD and zone database.
NOTE:
All current FCS policies will be deleted if you enable secmode.
Table 32
shows the commands for switch operations for a Primary FCS enforcement.
Table 32
Switch operations
Allowed on FCS switches
secPolicyAdd (Allowed on all switches for
SCC/DCC policies as long as it is not fabric-wide)
secPolicyCreate (Allowed on all switches for
SCC/DCC policies as long as it is not fabric-wide)
secPolicyDelete (Allowed on all switches for
SCC/DCC policies as long as its not fabric-wide)
secPolicyRemove (Allowed on all switches for
SCC/DCC policies as long as its not fabric-wide)
fddcfg –fabwideset
Any fabric-wide commands
All zoning commands except the show commands
All AD commands
FCS enforcement does not apply to pre-5.3.0 switches and they will be able to initiate all operations, but
fabric-wide operations can fail if FCS policy is present on the 5.3.0 switches in the fabric.
122 Configuring advanced security
Allowed on all switches
secPolicyShow
fddcfg –localaccept/reject
userconfig, Passwd, Passwdcfg (Fabric-wide
distribution is not allowed from a backup or non-FCS
switch.)
secPolicyActivate
secPolicySave
secPolicyAbort
SNMP commands
configupload
Any local-switch commands
Any AD command that does not affect fabric-wide
configuration
- Quick Links:
- Connecting to the Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
