Fc San Module Policy Enforcement Matrix; Advanced Device Security Policy; How The Ads Policy Works; Enabling And Disabling The Advanced Device Security Policy - Dell PowerEdge M420 Administrator's Manual

8/4 gbps fc san module administrator's guide

FC SAN Module policy enforcement matrix

The following table shows which combinations of policies can co-exist with each other.

TABLE 4   Policy enforcement matrix

| Policies | Auto Port Configuration | N_Port Grouping | ADS Policy |
|---|---|---|---|
| Auto Port Configuration | N/A | Mutually exclusive | Can co-exist |
| N_Port Grouping | Cannot co-exist | N/A | Can co-exist |
| ADS Policy | Can co-exist | Can co-exist | N/A |

Advanced Device Security policy

The Advanced Device Security (ADS) policy is disabled by default for the FC SAN Module. ADS is a security
policy that restricts access to the fabric to a set of authorized devices. Unauthorized access
is rejected and the system logs a RASLOG message. You can configure the list of allowed devices
for each internal port (F_Port) by specifying their Port WWN (PWWN). The ADS policy secures virtual
and physical connections to the SAN.

How the ADS policy works

When you enable this policy, it applies to all internal ports (F_Ports) on the FC SAN Module. By
default, all devices have access to the fabric on all ports. You can restrict fabric connectivity to
a particular set of devices: the FC SAN Module maintains a per-port allow list of the devices
whose PWWNs you define as permitted to log in through an internal port. You can view the devices with
active connections to an internal port using the ag --show command.

NOTE
The ag --show command only displays the Core FC SAN Module, such as the modules that are
directly connected to fabric. The agshow --name name command displays the internal ports of both
the Core and Edge modules.

Enabling and disabling the Advanced Device Security policy

By default, the ADS policy is disabled. When you manually disable the ADS policy, all of the allow
lists (global and per-port) are cleared. Before disabling the ADS policy, you should save the
configuration using the configupload command in case you need this configuration again.

1. Connect to the FC SAN Module and log in using an account assigned to the admin role.
2. Enter the ag --policyenable ads command to enable the ADS policy.

    switch:admin> ag --policyenable ads
    The policy ADS is enabled

3. Enter the ag --policydisable ads command to disable the ADS policy.

    switch:admin> ag --policydisable ads
    The policy ADS is disabled
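A pre-change check for the procedure above, as an added example that is not part of the Dell guide: it models the per-port allow list as this page describes it and reports which currently logged-in devices would be rejected once ADS is enabled. The port numbers, PWWNs and function names are constructed for illustration, and treating an empty list as "no device allowed" is an assumption of the model.

```python
import re

def normalize_pwwn(text):
    """Return a PWWN as lowercase colon-separated hex, or raise ValueError."""
    raw = re.sub(r"[:\-\s]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{16}", raw):  # a PWWN is 8 bytes
        raise ValueError(f"not a valid PWWN: {text!r}")
    return ":".join(raw[i:i + 2] for i in range(0, 16, 2))

def ads_would_allow(ads_enabled, allow_lists, port, pwwn):
    """Model of the policy as the page describes it (not switch code)."""
    if not ads_enabled or port not in allow_lists:
        # Policy off, or port left at its default: all devices have access.
        return True
    allowed = {normalize_pwwn(w) for w in allow_lists[port]}
    return normalize_pwwn(pwwn) in allowed

def audit_logins(allow_lists, logins):
    """Return the (port, pwwn) logins that enabling ADS would reject."""
    rejected = [
        (port, normalize_pwwn(pwwn))
        for port, pwwn in logins
        if not ads_would_allow(True, allow_lists, port, pwwn)
    ]
    return sorted(rejected)

# Constructed sample data: the allow lists you plan to configure, and the
# devices seen on each internal port (transcribed by hand from ag --show).
PLANNED = {
    1: ["10:00:00:00:C9:AA:BB:01"],
    2: ["10:00:00:00:c9:aa:bb:02", "10:00:00:00:c9:aa:bb:03"],
    3: [],  # assumption of this model: empty list means no device allowed
}
LOGGED_IN = [
    (1, "10:00:00:00:c9:aa:bb:01"),  # listed, differs only in letter case
    (2, "10000000c9aabb03"),         # listed, written without separators
    (2, "10:00:00:00:c9:aa:bb:99"),  # not on the port 2 list
    (3, "10:00:00:00:c9:aa:bb:04"),  # port 3 has an empty list
    (4, "10:00:00:00:c9:aa:bb:05"),  # port 4 has no list: default access
]

if __name__ == "__main__":
    for port, pwwn in audit_logins(PLANNED, LOGGED_IN):
        print(f"port {port}: {pwwn} would be rejected and logged")
```

Running the same comparison before ag --policyenable ads separates devices that are missing from the planned list by mistake from devices that should not be on the port at all.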
Dell 8/4Gbps FC SAN Module Administrator's Guide
53-1001345-01
