Configuring security policies, Acl policies overview, How the acl policies are stored – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

Page 209: Removed ap policy section from the chapter

Configuring Security Policies

• ACL policies overview
• ACL policy management
• FCS policies
• Device Connection Control policies
• SCC Policies
• Authentication policy for fabric elements
• IP Filter policy
• Policy database distribution
• Management interface security

ACL policies overview

Each supported Access Control List (ACL) policy listed below is identified by a specific name, and only
one policy of each type can exist, except for DCC policies. Policy names are case-sensitive and must
be entered in all uppercase. Fabric OS provides the following policies:

• Fabric configuration server (FCS) policy -- Used to restrict which switches can change the configuration of the fabric.
• Device connection control (DCC) policies -- Used to restrict which Fibre Channel device ports can connect to which Fibre Channel switch ports.
• Switch connection control (SCC) policy -- Used to restrict which switches can join with a switch.

NOTE
Run all commands in this chapter by logging in to Administrative Domain (AD) 255 with the suggested
permissions. If Administrative Domains have not been implemented, log in to AD0.

How the ACL policies are stored

The policies are stored in a local database. The database contains the ACL policy types of FCS, DCC,
SCC, and IPFilter. The number of policies that may be defined is limited by the size of the database.
FCS, SCC and DCC policies are all stored in the same database.

The limit for security policy database size is set to 1Mb. The policies are grouped by state and type. A
policy can be in either of the following states:

• Active, which means the policy is being enforced by the switch.
• Defined, which means the policy has been set up but is not enforced.

Policies with the same state are grouped together in a Policy Set. Each switch has the following two sets:

• Active policy set, which contains ACL policies being enforced by the switch.
• Defined policy set, which contains a copy of all ACL policies on the switch.

Fabric OS Administrators Guide

53-1003130-01