Configuring Advanced Security; About Access Control List (Acl) Policies; How The Acl Policies Are Stored; Identifying Policy Members - HP AA979A - StorageWorks SAN Switch 2/8V Administrator's Manual

HP StorageWorks Fabric OS 5.2.x administrator guide (5697-0014, November 2009)

5 Configuring advanced security

This chapter provides information and procedures for configuring the advanced Fabric OS 5.2.x security
feature, Access Control List (ACL) policies, for FC port and switch binding.
NOTE:
Run all commands in this chapter by logging in to Administrative Domain (AD) 255 or, if
Administrative Domains have not been implemented, by logging in to AD 0.
For information about licensed security features available in Secure Fabric OS, see the Secure Fabric OS
Administrator's Guide.

About Access Control List (ACL) policies

Fabric OS provides the following policies:
Device Connection Control (DCC) policies—Used to restrict which Fibre Channel device ports can
connect to which Fibre Channel switch ports.
Switch Connection Control (SCC) policy—Used to restrict which switches can join the switch.
Each supported policy is identified by a specific name, and only one policy of each type can exist (except
for DCC policies). Policy names are case sensitive and must be entered in all uppercase.

How the ACL policies are stored

The policies are stored in a local database. The database contains both ACL policy types (SCC and DCC).
The policies are grouped by state and type.
A policy can be in one of the following states:
Active—The policy is being enforced by the switch.
Defined—The policy has been set up but is not enforced.
A group of policies is called a Policy Set.
Each switch has the following two sets:
Active policy set—Contains ACL policies being enforced by the switch.
Defined policy set—Contains a copy of all ACL policies on the switch.
When you activate a policy, the defined policy either replaces the policy with the same name in the active
set or becomes a new active policy. If a policy appears in the defined set but not in the active set, the
policy was saved but has not been activated. If a policy with the same name appears in both the defined
and active sets but they have different values, then the policy has been modified but the changes have not
been activated.
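
The comparison described above can be automated to spot saved or modified policies that are not yet enforced. The following is an added example, not code from the HP guide: it models each policy set as a dictionary of policy name to member set (an assumed representation, with constructed WWNs) and also applies the naming rules stated earlier.

```python
# Added example: policy sets are modeled as dicts (name -> set of members).
# This representation and the sample WWNs are constructed, not switch output.

def valid_name(name):
    """Names per the page: SCC_POLICY or DCC_POLICY_nnn, all uppercase."""
    if name == "SCC_POLICY":
        return True
    prefix = "DCC_POLICY_"
    # Assumption: nnn is any non-empty suffix; the page does not define it further.
    return name.startswith(prefix) and len(name) > len(prefix) and name == name.upper()

def audit(defined, active):
    """Return {policy name: status} by comparing the defined and active sets."""
    report = {}
    for name in sorted(set(defined) | set(active)):
        if not valid_name(name):
            report[name] = "invalid name"
        elif name not in active:
            report[name] = "saved, not activated"
        elif name not in defined:
            # Not covered by the page, which says the defined set holds all policies.
            report[name] = "active only"
        elif defined[name] != active[name]:
            report[name] = "modified, changes not activated"
        else:
            report[name] = "enforced as defined"
    return report

# Constructed sample data.
DEFINED = {
    "SCC_POLICY": {"10:00:00:00:00:00:00:01", "10:00:00:00:00:00:00:02"},
    "DCC_POLICY_HOSTS": {"21:00:00:00:00:00:00:0a"},
    "DCC_POLICY_TAPE": {"21:00:00:00:00:00:00:0b"},
    "scc_policy": {"10:00:00:00:00:00:00:03"},
}
ACTIVE = {
    "SCC_POLICY": {"10:00:00:00:00:00:00:01"},
    "DCC_POLICY_HOSTS": {"21:00:00:00:00:00:00:0a"},
}

if __name__ == "__main__":
    for name, status in audit(DEFINED, ACTIVE).items():
        print(f"{name}: {status}")
```

A policy reported as "modified, changes not activated" means the switch is still enforcing the older member list.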

Identifying policy members

Specify policy members by device port WWN, switch WWN, domain IDs, or switch names, depending
on the policy. The valid methods for specifying policy members are listed in Table 24.

Table 24. Valid methods for specifying policy members

Policy name      Device port WWN   Switch WWN   Domain ID   Switch name
DCC_POLICY_nnn   Yes               Yes          Yes         Yes
SCC_POLICY       No                Yes          Yes         Yes
