beautypg.com

Dell POWEREDGE M1000E User Manual

Page 878

background image

846

Fabric OS Command Reference

53-1001764-02

secPolicyCreate

2

The DCC_POLICY_nnn name has the common prefix DCC_POLICY_ followed
by a string of user-defined characters. These characters do not have to be
capitalized like regular policy names. Valid values for DCC_POLICY_nnn are
user-defined alphanumeric or underscore characters. The maximum length is
30 characters, including the prefix DCC_POLICY_.

secpolicycreate DCC_POLICY "*" may be used to indicate DCC lockdown. This
command creates a unique policy for each port in the fabric locking it down to
the device connected or creating an empty policy to disallow any device to be
connected to it. This can be done only when there are no other DCC policies
defined on the switch.

"member"

Specify one or more members to be included in the security policy. The
member list must be enclosed in double quotation marks and members
separated by semicolons. The member list must be separated from the name
field by a comma and a space. Depending on the policy type, members are
specified as follows:

DCC_POLICY Members

The DCC_Policy_nnn is a list of devices associated with a specific switch and
port index combination. An empty DCC_POLICY does not stop access to the
switch. The device is specified by its port WWN. The switch and port
combination must be in the switch port format

switch can be specified using a WWN, domain, or switch name.

port can be specified by port numbers separated by commas and enclosed in
either brackets or parentheses: for example, (2, 4, 6). Ports enclosed in
brackets include the devices currently attached to those ports.

The following examples illustrate several ways to specify the port values:

(1-6)

Selects ports 1 through 6.

(*)

Selects all ports on the switch.

[3, 9]

Selects ports 3 and 9 and all devices attached to those ports.

[1-3, 5] Selects ports 1 through 3 and 5 and all devices attached to those

ports.

[*]

Selects all ports on the switch and devices currently attached to

those ports.

SCC_POLICY and FCC_POLICY Members

This policy type requires member IDs to be specified as WWN strings,
domains, or switch names. If domain or switch names are used, the switches
associated must be present in the fabric or the command fails.

To add all switches in the current fabric as members of the policy, enter an
asterisk enclosed in quotation marks (*) as the member value. This feature
cannot be used by the other security commands.