Configuring A Dcc Policy; Dcc Policy Restrictions - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual
Hp storageworks fabric os 5.3.x administrator guide (5697-0244, november 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Administrator's manual (576 pages) ,
- Hardware reference manual (256 pages) ,
- User manual (248 pages)
Table of Contents
Advertisement
Configuring a DCC policy
Multiple DCC policies can be used to restrict which device ports can connect to which switch ports. The
devices can be initiators, targets, or intermediate devices such as SCSI routers and loop hubs. By default,
all device ports are allowed to connect to all switch ports; no DCC policies exist until they are created.
Each device port can be bound to one or more switch ports; the same device ports and switch ports may
be listed in multiple DCC policies. After a switch port is specified in a DCC policy, it permits connections
only from designated device ports. Device ports that are not specified in any DCC policies are allowed to
connect only to switch ports that are not specified in any DCC policies.
When a DCC violation occurs, the related port is automatically disabled and must be re-enabled using the
portEnable command.
The procedure used to create a DCC policy is described after
policy states.
Table 34
DCC policy states
Policy state
No policy
Policy with no entries
Policy with entries
DCC policy restrictions
The following restrictions apply when using DCC policies:
•
Fabric OS 5.2.0 and later support DCC policies. You cannot directly transfer DCC policies created in
Secure Fabric OS to policies to be used in Fabric OS.
Policies created in Secure Fabric OS are deleted when Secure Fabric OS is disabled; policies created in
Fabric OS are deleted when Secure Fabric OS is enabled. Therefore, back up DCC policies before
enabling or disabling Secure Fabric OS.
•
Some older private-loop HBAs do not respond to port login from the switch and are not enforced by the
DCC policy. This does not create a security problem because these HBAs cannot contact any device
outside of their immediate loop.
•
DCC policies cannot manage or restrict iSCSI connections, that is, an FC Initiator connection from an
iSCSI gateway.
•
You cannot manage proxy devices with DCC policies. Proxy devices are always granted full access,
even if the DCC policy has an entry that restricts or limits access of a proxy device.
Characteristics
Any device can connect to any switch port in the fabric.
Any device can connect to any switch port in the fabric. An empty policy is the same
as no policy.
If a device WWN is specified in a DCC policy, that device is only allowed access to
the switch if connected by a switch port listed in the same policy.
If a switch port is specified in a DCC policy, it only permits connections from devices
that are listed in the policy.
Devices with WWNs that are not specified in a DCC policy are allowed to connect
to the switch at any switch ports that are not specified in a DCC policy.
Switch ports and device WWNs may exist in multiple DCC policies.
Proxy devices are always granted full access and can connect to any switch port in
the fabric.
Table
26, which shows the possible DCC
Fabric OS 5.3.0 administrator guide 125
- Quick Links:
- Connecting to the Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
