Secpolicycreate – Dell POWEREDGE M1000E User Manual


Fabric OS Command Reference


53-1001764-02


secPolicyCreate

Creates a new security policy.

Synopsis

secpolicycreate "name" [, "member[;member...]"]

Description

Use this command to create a new policy and to edit Switch Connection Control (SCC), Device
Connection Control (DCC), and Fabric Configuration Server (FCS) policies on the local switch. All
policies can be created only once, except for the DCC_POLICY_nnn. Each DCC_POLICY_nnn must
have a unique name. This command can be issued on all switches in the current fabric for SCC and
DCC policies if they are not intended to be fabric-wide.

Adding members while creating a policy is optional. You can add members to a policy later, using
the secPolicyAdd command.

Each policy corresponds to a management method. The list of members of a policy acts as an
access control list for that management method. Before a policy is created, there is no
enforcement for that management method; that is, all access is granted. After a policy is created
and a member is added to the policy, that policy is closed to all access except to included
members. If all members are then deleted from the policy, all access is denied for that
management access method.

All newly created policies are saved on the local switch only, unless the switch has a fabric-wide
consistency policy for that policy.

In a Virtual Fabric environment, when you create a DCC lockdown policy on a logical switch, the
DCC policy is created for each port in the chassis, even though the ports are not currently present
in the local logical switch. This is done to provision the DCC policy for the ports that may be moved
later. If a policy seems stale at any point, use secPolicyDelete to remove all stale DCC policies.

Fabric-wide consistency policies can be configured on a logical switch basis, which applies the FCS
policy to the corresponding fabric connecting to the logical switch. Automatic policy distribution
behavior for DCC, SCC and FCS remains unchanged in Fabric OS v6.2.0 and can be configured on a
logical switch basis.

Notes

When an FCS policy is enabled, this command can be issued only from the Primary FCS switch.

The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may
be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command
Availability" for details.

Operands

This command has the following operands:

"name"

Specify the name of the policy you want to create. Valid values for this
operand are:

DCC_POLICY_nnn

SCC_POLICY

FCS_POLICY

The specified policy name must be capitalized.
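
The following is an added example, not part of the Fabric OS manual or Fabric OS code: an offline Python model that checks a secpolicycreate line against the synopsis and the policy names listed above, and tracks the three enforcement states from the Description (no policy, policy with members, policy with no members) so that a deny-all lockout can be spotted before a change is applied. Assumptions: the "nnn" suffix is taken to be letters, digits or underscores, a policy created without members is treated like one whose members were all deleted, member formats are not validated, and the class and method names are hypothetical.

```python
import re

# Policy names listed on this page. The form of the "nnn" suffix is not defined
# here; accepting letters, digits and underscores is an assumption.
NAME_RE = re.compile(r"^(SCC_POLICY|FCS_POLICY|DCC_POLICY_[A-Za-z0-9_]+)$")
# Synopsis: secpolicycreate "name" [, "member[;member...]"]
CMD_RE = re.compile(r'^secpolicycreate\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*$', re.I)


class PolicyModel:
    """Offline model of the policy states described above (hypothetical helper)."""

    def __init__(self):
        self.policies = {}  # policy name -> set of member strings

    def create(self, line):
        m = CMD_RE.match(line.strip())
        if not m:
            raise ValueError("does not match the synopsis: " + line)
        name, members = m.group(1), m.group(2) or ""
        if not NAME_RE.match(name):
            raise ValueError("invalid policy name (must be capitalized): " + name)
        if name in self.policies:  # a given policy name can be created only once
            raise ValueError("policy already exists: " + name)
        self.policies[name] = {x.strip() for x in members.split(";") if x.strip()}
        return name

    def remove_member(self, name, member):
        self.policies[name].discard(member)

    def state(self, name):
        if name not in self.policies:
            return "open"        # no policy: no enforcement, all access granted
        if not self.policies[name]:
            return "deny-all"    # assumption: empty at creation == all members deleted
        return "restricted"      # closed to everyone except listed members

    def allowed(self, name, member):
        s = self.state(name)
        return s == "open" or (s == "restricted" and member in self.policies[name])

    def lockouts(self):
        """Policies that currently deny all access for their management method."""
        return sorted(n for n in self.policies if self.state(n) == "deny-all")
```

Running planned create and member-removal steps through the model and checking lockouts() before touching the switch shows whether the sequence would leave a management method with no permitted members.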
