Fcs policies, Fcs policy restrictions – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual
Page 213
All changes since the last time the secPolicySave or secPolicyActivate commands were entered
are aborted.
FCS policies
Fabric configuration server (FCS) policy in base Fabric OS may be performed on a local switch basis
and may be performed on any switch in the fabric.
The FCS policy is not present by default, but must be created. When the FCS policy is created, the
WWN of the local switch is automatically included in the FCS list. Additional switches can be included in
the FCS list. The first switch in the list becomes the Primary FCS switch.
Switches in the fabric are designated as either a Primary FCS, backup FCS, or non-FCS switch. Only
the Primary FCS switch is allowed to modify and distribute the database within the fabric. Automatic
distribution is supported and you can either configure the switches in your fabric to accept the FCS
policy or manually distribute the FCS policy. Changes made to the FCS policy are saved to permanent
memory only after the changes have been saved or activated; they can be aborted later if you have set
your fabric to distribute the changes manually.
FCS policy states
TABLE 40
Policy state
Characteristics
No active policy
Any switch can perform fabric-wide configuration changes.
Active policy with one entry
A Primary FCS switch is designated (local switch), but there are no backup FCS
switches. If the Primary FCS switch becomes unavailable for any reason, the fabric is
left without an FCS switch.
Active policy with multiple
entries
A Primary FCS switch and one or more backup FCS switches are designated. If the
Primary FCS switch becomes unavailable, the next switch in the list becomes the
Primary FCS switch.
FCS policy restrictions
The backup FCS switches normally cannot modify the policy. However, if the Primary FCS switch in the
policy list is not reachable, then a backup FCS switch is allowed to modify the policy.
Once an FCS policy is configured and distributed across the fabric, only the Primary FCS switch can
perform certain operations. Operations that affect fabric-wide configuration are allowed only from the
Primary FCS switch. Backup and non-FCS switches cannot perform security, zoning and AD operations
that affect the fabric configuration. The following error message is returned if a backup or non-FCS
switch tries to perform these operations:
Can only execute this command on the Primary FCS switch.
Operations that do not affect the fabric configuration, such as show or local switch commands, are
allowed on backup and non-FCS switches.
FCS enforcement applies only for user-initiated fabric-wide operations. Internal fabric data propagation
because of a fabric merge is not blocked. Consequently, a new switch that joins the FCS-enabled fabric
could still propagate the AD and zone database.
shows the commands for switch operations for Primary FCS enforcement.
FCS policies
Fabric OS Administrators Guide
213
53-1003130-01