Brocade Fabric OS Command Reference (Supporting Fabric OS v7.3.0) User Manual

53-1003131-01

secPolicyCreate

The specified policy name must be capitalized.

The DCC_POLICY_nnn name has the common prefix DCC_POLICY_ followed by
a string of user-defined characters. These characters do not have to be
capitalized like regular policy names. Valid values for DCC_POLICY_nnn are
user-defined alphanumeric or underscore characters. The maximum length is 30
characters, including the prefix DCC_POLICY_.

secpolicycreate DCC_POLICY "*" may be used to indicate DCC lockdown. This
command creates a unique policy for each port in the fabric, either locking the
port down to the device connected to it or creating an empty policy that
disallows any device from being connected to it. This can be done only when
there are no other DCC policies defined on the switch. The switch must be in an
enabled state for DCC lockdown to succeed. On a disabled switch, executing
secpolicycreate DCC_POLICY "*" will not create any DCC policies.

"member"

Specify one or more members to be included in the security policy. The member
list must be enclosed in double quotation marks and members separated by
semicolons. The member list must be separated from the name field by a comma
and a space. Depending on the policy type, members are specified as follows:

DCC_POLICY Members

The DCC_Policy_nnn is a list of devices associated with a specific switch and port
index combination. An empty DCC_POLICY does not stop access to the switch.
The device is specified by its port WWN. The switch and port combination must be
in the switch port format.

switch can be specified using a WWN, domain, or switch name.

port can be specified by port numbers separated by commas and enclosed in
either brackets or parentheses: for example, (2, 4, 6). Ports enclosed in brackets
include the devices currently attached to those ports.

The following examples illustrate several ways to specify the port values:

(1-6)

Selects ports 1 through 6.

(*)

Selects all ports on the switch.

[3, 9]

Selects ports 3 and 9 and all devices attached to those ports.

[1-3, 5]

Selects ports 1 through 3 and 5 and all devices attached to those ports.

[*]

Selects all ports on the switch and devices currently attached to those ports.
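As an added example (not part of the Brocade manual), the following Python checks a DCC_POLICY_nnn name against the naming rule above and expands a port list in either the parenthesis or bracket form, so a policy definition can be checked before it is entered on a switch. The function names, the `port_count` parameter and zero-based port numbering are assumptions of the example.

```python
import re

DCC_PREFIX = "DCC_POLICY_"
MAX_NAME_LEN = 30  # maximum length, including the DCC_POLICY_ prefix


def valid_dcc_policy_name(name):
    """True if name is DCC_POLICY_ plus alphanumeric/underscore characters."""
    if not name.startswith(DCC_PREFIX) or len(name) > MAX_NAME_LEN:
        return False
    suffix = name[len(DCC_PREFIX):]
    # Assumption: at least one user-defined character must follow the prefix.
    return re.fullmatch(r"[A-Za-z0-9_]+", suffix) is not None


def parse_port_spec(spec, port_count):
    """Expand a port list such as "(1-6)" or "[1-3, 5]".

    Returns (ports, include_attached). include_attached is True for the
    bracket form, which also selects devices currently attached to the ports.
    port_count (assumed, zero-based numbering) is the number of ports on the
    switch; it expands "*" and rejects ports that do not exist.
    """
    spec = spec.strip()
    if len(spec) < 2 or (spec[0], spec[-1]) not in {("(", ")"), ("[", "]")}:
        raise ValueError(f"port list must be enclosed in () or []: {spec!r}")
    include_attached = spec[0] == "["
    body = spec[1:-1].strip()
    if body == "*":
        return list(range(port_count)), include_attached
    ports = set()
    for item in body.split(","):
        m = re.fullmatch(r"\s*(\d+)\s*(?:-\s*(\d+)\s*)?", item)
        if m is None:
            raise ValueError(f"bad port item {item!r} in {spec!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) is not None else lo
        if lo > hi or hi >= port_count:
            raise ValueError(f"port range {item.strip()!r} out of bounds")
        ports.update(range(lo, hi + 1))
    return sorted(ports), include_attached
```
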

SCC_POLICY and FCC_POLICY Members

This policy type requires member IDs to be specified as WWN strings, domains,
or switch names. If domain or switch names are used, the switches associated
must be present in the fabric or the command fails.

To add all switches in the current fabric as members of the policy, enter an
asterisk enclosed in quotation marks ("*") as the member value. This feature cannot
be used by the other security commands.

-legacy

Creates a security policy with desired order.