Fabric OS Administrator’s Guide 195
53-1002745-02
Chapter
7
Configuring Security Policies
In this chapter
•ACL policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
•ACL policy management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
•FCS policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
•Device Connection Control policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
•SCC Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
•Authentication policy for fabric elements . . . . . . . . . . . . . . . . . . . . . . . . . . 207
•IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
•Policy database distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
•Management interface security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
ACL policies overview
Each supported Access Control List (ACL) policy listed below is identified by a specific name, and
only one policy of each type can exist, except for DCC policies. Policy names are case-sensitive and
must be entered in all uppercase. Fabric OS provides the following policies:
• Fabric configuration server (FCS) policy — Used to restrict which switches can change the
configuration of the fabric.
• Device connection control (DCC) policies — Used to restrict which Fibre Channel device ports
can connect to which Fibre Channel switch ports.
• Switch connection control (SCC) policy — Used to restrict which switches can join with a switch.
Run all commands in this chapter by logging in to Administrative Domain (AD) 255 with the
suggested permissions. If Administrative Domains have not been implemented, log in to AD0.
How the ACL policies are stored
The policies are stored in a local database. The database contains the ACL policy types of FCS,
DCC, SCC, and IPFilter. The number of policies that may be defined is limited by the size of the
database. FCS, SCC and DCC policies are all stored in the same database.
In a fabric with Fabric OS v6.2.0 and later switches present, the limit for security policy database
size is set to 1Mb. The policies are grouped by state and type. A policy can be in either of the
following states:
• Active, which means the policy is being enforced by the switch.
• Defined, which means the policy has been set up but is not enforced.
To Next Page
Loading...
Need help?
General