
Admin domain considerations for acl policies, Virtual fabric considerations for acl policies, Policy members – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

Page 210: Acl policy management


When a policy is activated, the defined policy either replaces the policy with the same name in the
active set or becomes a new active policy. If a policy appears in the defined set but not in the active
set, the policy was saved but has not been activated. If a policy with the same name appears in both
the defined and active sets but they have different values, then the policy has been modified but the
changes have not been activated.

Admin Domain considerations for ACL policies

ACL management can be done on AD255 and in AD0 only if there are no user-defined Admin
Domains. Both AD0 (when no other user-defined Admin Domains exist) and AD255 provide an
unfiltered view of the fabric.

Virtual Fabric considerations for ACL policies

ACL policies such as DCC, SCC, and FCS can be configured on each logical switch. The limit for
security policy database size is set to 1Mb per logical switch.

Policy members

The FCS, DCC and SCC policy members are specified by device port WWN, switch WWN, domain
IDs, or switch names, depending on the policy. The valid methods for specifying policy members are
listed in Table 39.

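TABLE 39 Valid methods for specifying policy members

| Policy name    | Device port WWN or Fabric port WWN | Switch WWN | Domain ID | Switch name |
|----------------|------------------------------------|------------|-----------|-------------|
| FCS_POLICY     | No                                 | Yes        | Yes       | Yes         |
| DCC_POLICY_nnn | Yes                                | Yes        | Yes       | Yes         |
| SCC_POLICY     | No                                 | Yes        | Yes       | Yes         |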
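The defined/active set rules described at the top of this page and the member rules in Table 39 can be checked together when auditing a switch for pending or malformed ACL changes. The following is an added example, not code from the Fabric OS guide; the dictionary input shape, the member-kind labels and the sample WWNs are assumptions constructed for illustration and are not Fabric OS command output.

```python
# Added example: audit defined vs. active ACL policy sets.
# Assumed input shape (not Fabric OS output): {policy_name: {(member_kind, value), ...}}

# Member kinds each policy accepts, transcribed from Table 39.
ALLOWED_KINDS = {
    "FCS_POLICY": {"switch_wwn", "domain_id", "switch_name"},
    "SCC_POLICY": {"switch_wwn", "domain_id", "switch_name"},
    "DCC_POLICY": {"port_wwn", "switch_wwn", "domain_id", "switch_name"},
}

def policy_type(name):
    """Map DCC_POLICY_nnn to DCC_POLICY; other names map to themselves."""
    return "DCC_POLICY" if name.startswith("DCC_POLICY_") else name

def activation_state(name, defined, active):
    """Classify one policy using the defined/active rules in the text."""
    if name in defined and name not in active:
        return "saved, not activated"
    if name in active and name not in defined:
        return "active only"  # case not described on this page
    if defined[name] != active[name]:
        return "modified, changes not activated"
    return "in sync"

def invalid_members(name, members):
    """Members whose kind Table 39 does not allow (unknown policy: all flagged)."""
    allowed = ALLOWED_KINDS.get(policy_type(name), set())
    return sorted(m for m in members if m[0] not in allowed)

def audit(defined, active):
    """Return {policy: (state, invalid_members)}; the defined copy is checked first."""
    report = {}
    for name in sorted(set(defined) | set(active)):
        members = defined.get(name, active.get(name))
        report[name] = (activation_state(name, defined, active),
                        invalid_members(name, members))
    return report

# Constructed sample data (WWNs are made up).
SW = ("switch_wwn", "10:00:00:00:00:00:00:01")
PORT = ("port_wwn", "20:00:00:00:00:00:00:0a")
DEFINED = {"FCS_POLICY": {SW}, "SCC_POLICY": {SW, PORT},
           "DCC_POLICY_h1": {PORT, ("domain_id", "3")}}
ACTIVE = {"FCS_POLICY": {SW}, "SCC_POLICY": {SW}}

if __name__ == "__main__":
    for name, (state, bad) in audit(DEFINED, ACTIVE).items():
        print(f"{name}: {state}; invalid members: {bad}")
```
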

ACL policy management

All policy modifications are temporarily stored in volatile memory until those changes are saved or
activated. You can create multiple sessions to the switch from one or more hosts. It is recommended
you make changes from one switch only to prevent multiple transactions from occurring. Each logical
switch will have its own access control list.

The FCS, SCC and DCC policies in Secure Fabric OS are not interchangeable with Fabric OS FCS,
SCC and DCC policies. Uploading and saving a copy of the Fabric OS configuration after creating
policies is strongly recommended. For more information on configuration uploads, see
Maintaining the Switch Configuration File on page 255.

NOTE
All changes, including the creation of new policies, are saved and activated on the local switch only--
unless the switch is in a fabric that has a strict or tolerant fabric-wide consistency policy for the ACL

Fabric OS Administrators Guide

53-1003130-01