Virtual Fabrics considerations, DCC policy restrictions, Creating a DCC policy – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

Each device port can be bound to one or more switch ports; the same device ports and switch ports
may be listed in multiple DCC policies. After a switch port is specified in a DCC policy, it permits
connections only from designated device ports. Device ports that are not specified in any DCC policies
are allowed to connect only to switch ports that are not specified in any DCC policies.

When a DCC violation occurs, the related port is automatically disabled and must be re-enabled using
the portEnable command.

Table 43 shows the possible DCC policy states.

TABLE 43 DCC policy states

| Policy state | Characteristics |
|---|---|
| No policy | Any device can connect to any switch port in the fabric. |
| Policy with no entries | Any device can connect to any switch port in the fabric. An empty policy is the same as no policy. |
| Policy with entries | If a device WWN or Fabric port WWN is specified in a DCC policy, that device is only allowed access to the switch if connected by a switch port listed in the same policy. If a switch port is specified in a DCC policy, it only permits connections from devices that are listed in the policy. Devices with WWNs that are not specified in a DCC policy are allowed to connect to the switch at any switch ports that are not specified in a DCC policy. Switch ports and device WWNs may exist in multiple DCC policies. Proxy devices are always granted full access and can connect to any switch port in the fabric. |

Virtual Fabrics considerations

DCC policies that have entries for ports being moved from one logical switch to another
are considered stale and are not enforced. You can choose to keep stale policies in the current
logical switch or delete the stale policies after the port movements. Use the secPolicyDelete command
to delete stale DCC policies.

DCC policy restrictions

The following restrictions apply when using DCC policies:

• Some older private-loop host bus adaptors (HBAs) do not respond to port login from the switch and
are not enforced by the DCC policy. This does not create a security problem because these HBAs
cannot contact any device outside of their immediate loop.

• DCC policies cannot manage or restrict iSCSI connections, that is, an FC Initiator connection from an
iSCSI gateway.

• You cannot manage proxy devices with DCC policies. Proxy devices are always granted full access,
even if the DCC policy has an entry that restricts or limits access of a proxy device.

Creating a DCC policy

DCC policies must follow the naming convention "DCC_POLICY_nnn", where nnn represents a unique
string. The maximum length is 30 characters, including the prefix DCC_POLICY_.
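
The connection rules in Table 43 and the naming rule above can be modeled to audit a planned policy set before it is applied. This is an added example, not Brocade code or Fabric OS syntax: the function names, port labels and WWNs are constructed, and allowing a listed device on a listed port only when both share a policy is this example's reading of the table.

```python
# Added example: a model of the DCC rules described on this page, not Fabric OS code.
from dataclasses import dataclass, field

PREFIX = "DCC_POLICY_"
MAX_NAME_LEN = 30  # includes the prefix, per the naming rule above


def valid_policy_name(name: str) -> bool:
    """Check the prefix, a non-empty suffix and the 30-character limit."""
    return name.startswith(PREFIX) and len(PREFIX) < len(name) <= MAX_NAME_LEN


@dataclass
class DccPolicy:
    name: str
    device_wwns: set = field(default_factory=set)
    switch_ports: set = field(default_factory=set)  # constructed labels, e.g. "sw1:p3"


def connection_allowed(policies, wwn, port, is_proxy=False):
    """Return (allowed, reason) for a device WWN logging in on a switch port."""
    if is_proxy:
        return True, "proxy devices are always granted full access"
    dev_listed = any(wwn in p.device_wwns for p in policies)
    port_listed = any(port in p.switch_ports for p in policies)
    if not dev_listed and not port_listed:
        # Also covers "no policy" and "policy with no entries".
        return True, "neither device nor port appears in any DCC policy"
    for p in policies:
        if wwn in p.device_wwns and port in p.switch_ports:
            return True, f"device and port are bound together in {p.name}"
    if not dev_listed:
        return False, "port is listed in a policy, device is in none"
    if not port_listed:
        return False, "device is bound to other switch ports"
    return False, "device and port are listed, but never in the same policy"


# Constructed sample policies and WWNs for illustration only.
POLICIES = [
    DccPolicy("DCC_POLICY_hostA", {"10:00:00:00:c9:00:00:01"}, {"sw1:p3", "sw1:p4"}),
    DccPolicy("DCC_POLICY_hostB", {"10:00:00:00:c9:00:00:02"}, {"sw1:p4"}),
    DccPolicy("DCC_POLICY_empty"),  # an empty policy is the same as no policy
]
```

As stated above, a DCC violation disables the port until portEnable is run, so a False result marks a cabling or policy plan worth correcting before deployment.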

Fabric OS Administrators Guide

53-1003130-01