Secpolicycreate - Brocade Communications Systems Brocade 8/12c Command Reference Manual

Brocade Fabric OS Command Reference Manual supporting Fabric OS v7.0.0 (April 2011)

secPolicyCreate
Creates a new security policy.
SYNOPSIS
secpolicycreate "name" [, "member[;member...]"]
DESCRIPTION
Use this command to create a new policy and to edit Switch Connection Control (SCC), Device
Connection Control (DCC), and Fabric Configuration Server (FCS) policies on the local switch. All
policies can be created only once, except for the DCC_POLICY_nnn. Each DCC_POLICY_nnn must
have a unique name. This command can be issued on all switches in the current fabric for SCC and DCC
policies if they are not intended to be fabric-wide.
Adding members while creating a policy is optional. You can add members to a policy later, using the
secPolicyAdd command.
Each policy corresponds to a management method. The list of members of a policy acts as an access
control list for that management method. Before a policy is created, there is no enforcement for that
management method; that is, all access is granted. After a policy is created and a member is added to
the policy, that policy is closed to all access except to included members. If all members are then deleted
from the policy, all access is denied for that management access method.
All newly created policies are saved on the local switch only, unless the switch has a fabric-wide
consistency policy for that policy.
In a Virtual Fabric environment, when you create a DCC lockdown policy on a logical switch, the DCC
policy is created for each port in the chassis, even though the ports are not currently present in the local
logical switch. This is done to provision the DCC policy for the ports that may be moved later. If a policy
seems stale at any point, use the secPolicyDelete command to remove all stale DCC policies.
Fabric-wide consistency policies can be configured on a logical switch basis, which applies the FCS
policy to the corresponding fabric connecting to the logical switch. Automatic policy distribution behavior
for DCC, SCC and FCS remains unchanged in Fabric OS v6.2.0 or later and can be configured on a
logical switch basis.
NOTES
When an FCS policy is enabled, this command can be issued only from the Primary FCS switch.
The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in
place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for
details.
OPERANDS
This command has the following operands:
"name"
Specify the name of the policy you want to create. Valid values for this operand
include the following:
DCC_POLICY_nnn
SCC_POLICY
FCS_POLICY
The specified policy name must be capitalized.
The DCC_POLICY_nnn name has the common prefix DCC_POLICY_ followed by
a string of user-defined characters. These characters do not have to be
capitalized like regular policy names. Valid values for DCC_POLICY_nnn are
user-defined alphanumeric or underscore characters. The maximum length is 30
characters, including the prefix DCC_POLICY_.
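
The naming rules above and the SYNOPSIS form can be checked before automation sends the command to a switch. The following Python is an added example, not part of the Brocade manual: the function names are hypothetical, a non-empty ASCII suffix is assumed for DCC_POLICY_nnn, and member values are treated as opaque placeholders because their syntax is not described in this section.

```python
import re

FIXED_NAMES = {"SCC_POLICY", "FCS_POLICY"}   # may be created only once
DCC_PREFIX = "DCC_POLICY_"
MAX_DCC_LEN = 30                             # length limit includes the prefix
DCC_SUFFIX = re.compile(r"[A-Za-z0-9_]+")    # assumption: ASCII, non-empty


def check_policy_name(name):
    """Return None if name satisfies the OPERANDS rules, else a reason."""
    if name in FIXED_NAMES:
        return None
    if name.upper() in FIXED_NAMES:
        return "policy name must be capitalized"
    if not name.startswith(DCC_PREFIX):
        if name.upper().startswith(DCC_PREFIX):
            return "DCC_POLICY_ prefix must be capitalized"
        return "not SCC_POLICY, FCS_POLICY or DCC_POLICY_nnn"
    if len(name) > MAX_DCC_LEN:
        return "longer than 30 characters including the prefix"
    if not DCC_SUFFIX.fullmatch(name[len(DCC_PREFIX):]):
        return "suffix must be alphanumeric or underscore characters"
    return None


def build_command(name, members=()):
    """Render: secpolicycreate "name" [, "member[;member...]"]"""
    reason = check_policy_name(name)
    if reason:
        raise ValueError(f"{name!r}: {reason}")
    for m in members:
        # Member syntax is not modelled; only block characters that would
        # break out of the quoted, semicolon-separated operand.
        if not m or any(c in m for c in '";\r\n'):
            raise ValueError(f"unsafe member value: {m!r}")
    cmd = f'secpolicycreate "{name}"'
    if members:
        cmd += ', "' + ";".join(members) + '"'
    return cmd


if __name__ == "__main__":
    # Constructed sample names; member_a/member_b are placeholders.
    for n in ("SCC_POLICY", "scc_policy", "DCC_POLICY_rack12", "dcc_policy_x",
              "DCC_POLICY_" + "a" * 20, "DCC_POLICY_bad-name"):
        print(f"{n:34} {check_policy_name(n) or 'ok'}")
    print(build_command("DCC_POLICY_rack12", ["member_a", "member_b"]))
```
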
Fabric OS Command Reference
53-1001764-01
