Ip Filter Policy Distribution; Managing Filter Thresholds; Policy Database Distribution - HP StoreFabric SN6500B Administrator's Manual
Fabric os administrator's guide, 7.1.0 (53-1002745-02, march 2013)
Hide thumbs
Also See for StoreFabric SN6500B:
- Update manual (9 pages) ,
- Administrator's manual (108 pages) ,
- Quickspecs (24 pages)
Table of Contents
Advertisement
7
Policy database distribution
1. Log in to the switch using an account with admin permissions, or an account associated with
2. Enter the ipFilter
IP Filter policy distribution
The IP Filter policy is manually distributed by command. The distribution includes both active and
defined IP Filter policies. All policies are combined as a single entity to be distributed and cannot be
selectively distributed. However, you may choose the time at which to implement the policy for
optimization purposes. If a distribution includes an active IP Filter policy, the receiving switches
activate the same IP Filter policy automatically. When a switch receives IP Filter policies, all
uncommitted changes left in its local transaction buffer are lost, and the transaction is aborted.
The IPFilter policy can be manually distributed to the fabric by command; there is no support for
automatic distribution. To distribute the IPFilter policy, see
page 227 for instructions.
Switches with Fabric OS v6.2.0 or later have the ability to accept or deny IP Filter policy distribution,
through the commands fddCfg --localaccept or fddCfg --localreject. See
distribution"
Virtual Fabrics considerations: To distribute the IPFilter policy in a logical fabric, use the
chassisDistribute command.
Managing filter thresholds
Fabric OS v7.1.0 allows you to configure filter thresholds using the fmMonitor command.
1. Connect to the switch and log in using an account with admin permissions, or an account with
2. Enter the fmMonitor command.
Example of fmMonitor command:
admin> fmMonitor -–create ex1 -pat 12,0xFF,0x08 -port 2/1-2,8/3 -highth
1000 - action snmp,raslog –timebase minute
Policy database distribution
Fabric OS lets you manage and enforce the ACL policy database on either a per-switch or
fabric-wide basis. The local switch distribution setting and the fabric-wide consistency policy affect
the switch ACL policy database and related distribution behavior.
The ACL policy database is managed as follows:
•
224
the chassis role and having the OM permissions for the IPfilter RBAC class of commands.
transabort command.
–-
on page 224 for more information on distributing the IP Filter policy.
OM permissions for the FabricWatch RBAC class of commands.
Switch database distribution setting — Controls whether or not the switch accepts or rejects
databases distributed from other switches in the fabric. The distribute command sends the
database from one switch to another, overwriting the target switch database with the
distributed one. To send or receive a database the setting must be accept. For configuration
instructions, see
"Database distribution settings"
Virtual Fabric considerations: FCS, DCC, SCC, and AUTH databases can be distributed using
the -distribute command, but the PWD and IPFILTER databases are blocked from distribution.
"Distributing the local ACL policies"
"Policy database
on page 225.
Fabric OS Administrator's Guide
on
53-1002745-02
- Quick Links:
- Performing Basic Configuration Tasks
Hide quick links:
Advertisement
Table of Contents
