Creating a group
Creating a group involves specifying a group name and a group type. There are three types of groups:
• ISL group—secures connected switches
• Port group—secures connected devices
• MS group—secures management server commands
To create a new port group, enter the group create command, as shown in the following example:
8/20q FC Switch (admin-security) #> group create group_port port

Deleting a group
To delete group_port from the security database, enter the group delete command, as shown in the following example:
8/20q FC Switch (admin-security) #> group delete group_port

Renaming a group
To rename group_port to port_1, enter the group rename command, as shown in the following example:
8/20q FC Switch (admin-security) #> group rename group_port port_1

Copying a group
To copy the contents of an existing group (group_port) to a new group (port_1), enter the group copy command, as shown in the following example:
8/20q FC Switch (admin-security) #> group copy group_port port_1

Adding members to a group
Adding a member to a group involves specifying a group, the member worldwide name, and the member attributes. The member attributes define the authentication method, encryption method, secrets, and fabric binding, depending on the group type.
• For ISL member attributes, see Table 8.
• For Port member attributes, see Table 9.
• For MS member attributes, see Table 10.
To add a member to a group, enter the group add command, as shown in the following example:
8/20q FC Switch #> admin start
8/20q FC Switch (admin) #> security edit
8/20q FC Switch (admin-security) #> group add Group_1
A list of attributes with formatting and default values will follow
Enter a new value or simply press the ENTER key to accept the current value
with exception of the Group Member WWN field which is mandatory.
If you wish to terminate this process before reaching the end of the list
press 'q' or 'Q' and the ENTER key to do so.
Group Name       Group_1
Group Type       ISL
Member           (WWN)                              [00:00:00:00:00:00:00:00] 10:00:00:c0:dd:00:90:a3
Authentication   (None / Chap)                      [None ] chap
PrimaryHash      (MD5 / SHA-1)                      [MD5  ]
PrimarySecret    (32 hex or 16 ASCII char value)    [     ] 0123456789abcdef
SecondaryHash    (MD5 / SHA-1 / None)               [None ]
SecondarySecret  (40 hex or 20 ASCII char value)    [     ]
Binding          (domain ID 1-239, 0=None)          [0    ]
Finished configuring attributes.
To discard this configuration use the security cancel command.
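
A pre-flight check for the values entered at the group add prompts above, as an added example that is not part of the manual or the switch firmware: it checks a planned ISL member against the format hints shown in the session and generates a random secret of the right length. The function names, the dict keys, the treatment of the all-zero WWN as "not entered", and the rule that secret length follows the chosen hash are assumptions.

```python
import re
import secrets

# Secret sizes in bytes per hash. Assumption: the prompt hints (32 hex / 16 ASCII,
# 40 hex / 20 ASCII) follow the hash used, matching MD5 and SHA-1 digest sizes.
SECRET_BYTES = {"MD5": 16, "SHA-1": 20}
WWN_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){7}", re.I)
UNSET_WWN = "00:00:00:00:00:00:00:00"  # prompt default; treated here as "not entered"

def new_secret(hash_name):
    """Return a random secret in hex form, sized for hash_name."""
    return secrets.token_hex(SECRET_BYTES[hash_name.upper()])

def check_secret(label, hash_name, secret, allow_none=False):
    """Return a list of problems for one hash/secret pair."""
    name = hash_name.upper()
    if name == "NONE" and allow_none:
        return [f"{label}: secret given but hash is None"] if secret else []
    if name not in SECRET_BYTES:
        return [f"{label}: hash {hash_name!r} is not accepted"]
    n = SECRET_BYTES[name]
    is_hex = len(secret) == 2 * n and re.fullmatch(r"[0-9a-fA-F]+", secret)
    is_ascii = len(secret) == n and secret.isascii() and secret.isprintable()
    if is_hex or is_ascii:
        return []
    return [f"{label}: {name} secret must be {2 * n} hex or {n} ASCII characters"]

def check_member(m):
    """Validate a planned ISL group member (a dict) before entering it."""
    problems = []
    if not WWN_RE.fullmatch(m["wwn"]) or m["wwn"] == UNSET_WWN:
        problems.append("member WWN is mandatory: 8 colon-separated hex bytes")
    auth = m["authentication"].lower()
    if auth not in ("none", "chap"):
        problems.append("authentication must be None or Chap")
    elif auth == "chap":
        problems += check_secret("primary", m["primary_hash"], m["primary_secret"])
        problems += check_secret("secondary", m["secondary_hash"],
                                 m["secondary_secret"], allow_none=True)
    if not 0 <= m["binding"] <= 239:
        problems.append("binding must be a domain ID 1-239, or 0 for none")
    return problems

# Values typed in the session above (the secret there is the manual's sample).
SESSION_MEMBER = {"wwn": "10:00:00:c0:dd:00:90:a3", "authentication": "chap",
                  "primary_hash": "MD5", "primary_secret": "0123456789abcdef",
                  "secondary_hash": "None", "secondary_secret": "", "binding": 0}

if __name__ == "__main__":
    print(check_member(SESSION_MEMBER) or "no problems found")
```

For a production fabric, replace the manual's sample secret with the output of new_secret("MD5") or new_secret("SHA-1") and enter the same value on both ends of the link.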