Ensuring Fabric Domains Share Policies; Table 30 Fcs Switch Operations - HP StoreFabric SN6500B Administrator's Manual

7
FCS policies
Table 30
TABLE 30
Allowed on FCS switches
secPolicyAdd (Allowed on all switches for SCC and DCC
policies as long as it is not fabric-wide)
secPolicyCreate (Allowed on all switches for SCC and
DCC policies as long as it is not fabric-wide)
secPolicyDelete (Allowed on all switches for SCC and
DCC policies as long as its not fabric-wide)
secPolicyRemove (Allowed on all switches for SCC and
DCC policies as long as its not fabric-wide)
fddCfg –-fabwideset
Any fabric-wide commands
All zoning commands except the show commands
All AD commands
In Fabric OS v7.1.0 and later, to avoid segmentation of ports due to a member-list order mismatch,
security policy members are sorted based on WWN. By default, DCC and SCC policy members are
sorted based on WWN. Switches running earlier Fabric OS versions will have the member list in the
unsorted manner. Any older-version switch with a policy already created in unsorted order will have
port segmentation due to order mismatch when attempting to join any switch with Fabric OS v7.1.0
or later. To overcome the order mismatch, you can modify the member list in the switch by using the
-legacy option. For more information about using the -legacy option in the secPolicyAdd and
secPolicyCreate commands, refer to Fabric OS Command Reference, Supporting Fabric OS, v7.1.0.

Ensuring fabric domains share policies

Whether your intention is to create new FCS policies or manage your current FCS policies, you must
follow certain steps to ensure the domains throughout your fabric have the same policy.
The local-switch WWN cannot be deleted from the FCS policy.
1. Create the FCS policy using the secPolicyCreate command.
2. Activate the policy using the secPolicyActivate command.
3. To distribute the policies, enter the distribute -p policy_list -d switch_list command to either
200
shows the commands for switch operations for Primary FCS enforcement.
FCS switch operations
If the command is not entered, the changes are lost when the session is logged out.
send the policies to intended domains, or enter the distribute -p policy_list -d wild_card (*)
command to send the policies to all switches.
Allowed on all switches
secPolicyShow
fddCfg localaccept or fddCfg --localreject
–-
userconfig, Passwd, Passwdcfg (Fabric-wide distribution
is not allowed from a backup or non-FCS switch.)
secPolicyActivate
secPolicySave
secPolicyAbort
SNMP commands
configupload
Any local-switch commands
Any AD command that does not affect fabric-wide
configuration
Fabric OS Administrator's Guide
53-1002745-02