Deleting a DCC Policy; DCC Policy Behavior with Fabric-Assigned PWWNs; Table 33 DCC Policy Behavior with FA-PWWN When Created Using Lockdown Support - HP StoreFabric SN6500B Administrator's Manual

Fabric OS Administrator's Guide, 7.1.0 (53-1002745-02, March 2013)

Deleting a DCC policy

1. Connect to the switch and log in using an account with admin permissions, or an account with
OM permissions for the Security RBAC class of commands.
2. Enter the secPolicyDelete command.

Example of deleting stale DCC policies

switch:admin> secpolicydelete ALL_STALE_DCC_POLICY
About to clear all STALE DCC policies
ARE YOU SURE (yes, y, no, n): [no] y

DCC policy behavior with Fabric-Assigned PWWNs

A DCC policy check is always performed for the physical port WWN of a device when the HBA has
established that the device is attempting a normal FLOGI and has both a fabric-assigned port WWN
(FA-PWWN) and a physical port WWN.

DCC policies created with FA-PWWNs will result in the disabling of FA-PWWN assigned ports on
subsequent FLOGI. It is therefore recommended to create policies with the physical PWWN.

DCC policies created with the lock down feature result in DCC policies with FA-PWWNs. It is
therefore recommended to avoid using the lock down feature in fabrics that are using FA-PWWNs.

A DCC policy created with a device WWN for a specific port allows the device to log in only on the
same port. The same device will not be allowed to log in on a different port. For devices that log in
across an AG, the policy should be created with all the NPIV ports, so even if failover occurs the
device will be allowed to log in on a different NPIV port.

Table 33 lists the behavior of the DCC policy with FA-PWWNs in the fabric when the DCC policy is
created using lockdown support.

TABLE 33 DCC policy behavior with FA-PWWN when created using lockdown support

| Configuration | WWN seen on DCC policy list | Behavior when DCC policy activates | Behavior on portDisable and portEnable |
|---|---|---|---|
| FA-PWWN has logged into the switch; DCC policy creation with lock down (uses FA-PWWN); DCC policy activation. | FA-PWWN | Traffic will not be disrupted. [1] | Ports will be disabled for security violation. [2] |
| DCC policy creation with lockdown (uses physical PWWN); FA-PWWN has logged into the switch; DCC policy activation. | Physical PWWN | Traffic will not be disrupted. | Ports will come up without security issues. |
| DCC policy creation with lockdown (uses physical PWWN); DCC policy activation; FA-PWWN has logged into the switch. | Physical PWWN | Traffic will not be disrupted. | Ports will come up without any security issues. |

1. Indicates a security concern, because devices that are logged in with FA-PWWNs will not be disabled after
activation of DCC policies that are created with FA-PWWNs. This is done to avoid disturbing any existing
management.
2. Any disruption in the port will disable the port for a security violation. As the traffic is already disrupted for this
port, you must enforce the DCC policy for a physical device WWN; otherwise, the device will not be allowed to login
again.
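
The two recommendations in "DCC policy behavior with Fabric-Assigned PWWNs" (use physical PWWNs rather than FA-PWWNs as policy members, and list every NPIV port for a device that logs in across an AG) can be checked offline before a policy is activated. The following Python check is an added example, not part of the Fabric OS guide; the input dictionaries, the function names and all WWNs and port numbers are constructed for illustration and are not a switch output format.

```python
import re

def norm_wwn(wwn):
    """Return a WWN as lowercase colon-separated hex; reject anything not 64-bit."""
    raw = wwn.strip().replace(":", "").replace("-", "").lower()
    if not re.fullmatch(r"[0-9a-f]{16}", raw):
        raise ValueError(f"not a 64-bit WWN: {wwn!r}")
    return ":".join(raw[i:i + 2] for i in range(0, 16, 2))

def audit_dcc(policies, fa_to_physical, ag_npiv_ports=None):
    """Return (policy, wwn, kind, detail) findings for DCC member lists.

    policies:       {policy name: {device WWN: set of allowed ports}}
    fa_to_physical: {FA-PWWN: physical PWWN of the same device}
    ag_npiv_ports:  {physical PWWN: NPIV ports the device can log in on via an AG}
    """
    fa_map = {norm_wwn(f): norm_wwn(p) for f, p in fa_to_physical.items()}
    npiv = {norm_wwn(w): set(p) for w, p in (ag_npiv_ports or {}).items()}
    findings = []
    for name in sorted(policies):
        for member in sorted(policies[name]):
            wwn = norm_wwn(member)
            if wwn in fa_map:
                # Policy lists the FA-PWWN: the port is disabled on a subsequent FLOGI.
                findings.append((name, wwn, "fa-pwwn-member",
                                 f"replace with physical PWWN {fa_map[wwn]}"))
                continue
            # Device behind an AG: every NPIV port must be in the policy for failover.
            missing = npiv.get(wwn, set()) - set(policies[name][member])
            if missing:
                findings.append((name, wwn, "npiv-ports-missing",
                                 "add ports " + ", ".join(map(str, sorted(missing)))))
    return findings

# Constructed sample data (not switch output); WWNs and port numbers are made up.
SAMPLE_POLICIES = {"DCC_POLICY_constructed": {
    "52:00:00:00:00:00:00:01": {4},     # an FA-PWWN used as the member
    "1000000000000002": {8},            # AG-attached device, only one NPIV port listed
    "10:00:00:00:00:00:00:03": {9},     # physical PWWN, directly attached
}}
SAMPLE_FA_MAP = {"52:00:00:00:00:00:00:01": "10:00:00:00:00:00:00:01"}
SAMPLE_AG_PORTS = {"10:00:00:00:00:00:00:02": {8, 12}}

if __name__ == "__main__":
    for finding in audit_dcc(SAMPLE_POLICIES, SAMPLE_FA_MAP, SAMPLE_AG_PORTS):
        print(*finding, sep=" | ")
```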


This manual is also suitable for:

Fabric OS 7.1.0
