Ensuring fabric domains share policies – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual
TABLE 41 FCS switch operations

Allowed on FCS switches:
- secPolicyAdd (Allowed on all switches for SCC and DCC policies as long as it is not fabric-wide)
- secPolicyCreate (Allowed on all switches for SCC and DCC policies as long as it is not fabric-wide)
- secPolicyDelete (Allowed on all switches for SCC and DCC policies as long as it is not fabric-wide)
- secPolicyRemove (Allowed on all switches for SCC and DCC policies as long as it is not fabric-wide)
- fddCfg --fabwideset
- Any fabric-wide commands
- All zoning commands except the show commands
- All AD commands

Allowed on all switches:
- secPolicyShow
- fddCfg --localaccept or fddCfg --localreject
- userconfig, Passwd, Passwdcfg (Fabric-wide distribution is not allowed from a backup or non-FCS switch.)
- secPolicyActivate
- secPolicySave
- secPolicyAbort
- SNMP commands
- configupload
- Any local-switch commands
- Any AD command that does not affect fabric-wide configuration

In Fabric OS v7.1.0 and later, security policy members are sorted by WWN to avoid port segmentation caused by a member-list order mismatch. DCC and SCC policy members are sorted by WWN by default. Switches running earlier Fabric OS versions keep the member list in unsorted order. Any older-version switch with a policy already created in unsorted order will have port segmentation due to the order mismatch when it attempts to join a switch running Fabric OS v7.1.0 or later. To overcome the order mismatch, you can modify the member list in the switch by using the -legacy option in the secPolicyAdd and secPolicyCreate commands.
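
The following is an added example, not taken from the Brocade guide: a pre-join check that tells an order-only mismatch of the kind described above apart from a genuine difference in policy membership. It assumes members are supplied as semicolon-separated WWNs and that the v7.1.0 sort is ascending by WWN value; the function names and all WWNs are constructed for illustration.

```python
import re

# Colon-separated 8-byte WWN, already lower-cased.
WWN_RE = re.compile(r"^([0-9a-f]{2}:){7}[0-9a-f]{2}$")

# Constructed sample member lists (not from any real fabric).
LEGACY_SCC = "10:00:00:05:1e:a1:00:02;10:00:00:05:1e:a1:00:01;10:00:00:05:33:0b:00:03"
SORTED_SCC = "10:00:00:05:1E:A1:00:01;10:00:00:05:1E:A1:00:02;10:00:00:05:33:0B:00:03"
SHORT_SCC = "10:00:00:05:1e:a1:00:01;10:00:00:05:1e:a1:00:02"


def parse_members(member_str):
    """Split a semicolon-separated member string into normalised WWNs."""
    members = []
    for raw in member_str.split(";"):
        wwn = raw.strip().lower()
        if not wwn:
            continue
        if not WWN_RE.match(wwn):
            raise ValueError(f"not a WWN: {raw!r}")
        members.append(wwn)
    return members


def wwn_sorted(members):
    """Order members by 64-bit WWN value (ascending is an assumption)."""
    return sorted(members, key=lambda w: int(w.replace(":", ""), 16))


def compare_policies(legacy, current):
    """Classify how a pre-v7.1.0 member list relates to a v7.1.0+ list."""
    a, b = parse_members(legacy), parse_members(current)
    if a == b:
        return "match"
    if len(a) == len(b) and set(a) == set(b):
        # Same members, different order: the segmentation case in the text.
        return "order-mismatch"
    # Different membership: reordering alone will not fix this.
    return "member-mismatch"


if __name__ == "__main__":
    print(compare_policies(LEGACY_SCC, SORTED_SCC))
    print(";".join(wwn_sorted(parse_members(LEGACY_SCC))))
```

An "order-mismatch" result means the two policies agree on membership and only the member order needs to be reconciled before the switches join; "member-mismatch" means the policies themselves differ.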
Ensuring fabric domains share policies
Whether your intention is to create new FCS policies or manage your current FCS policies, you must
follow certain steps to ensure the domains throughout your fabric have the same policy.
The local-switch WWN cannot be deleted from the FCS policy.
1. Create the FCS policy using the secPolicyCreate command.
2. Activate the policy using the secPolicyActivate command.
   If the command is not entered, the changes are lost when the session is logged out.
3. Distribute the policy using the distribute -p command.
   distribute -p policy_list -d switch_list
   You can specify an asterisk (*) for the switch_list to send the policy to all switches.
Fabric OS Administrators Guide
53-1003130-01