Acl policy distribution to other switches, Distributing the local acl policies, Fabric-wide enforcement – Dell POWEREDGE M1000E User Manual
Page 227: Switches, Acl policy distribution to other, Ns, see
Fabric OS Administrator’s Guide
227
53-1002745-02
Policy database distribution
7
ACL policy distribution to other switches
This section explains how to manually distribute local ACL policy databases. The distribute
command has the following dependencies:
•
All target switches must be running Fabric OS v6.2.0 or later.
•
All target switches must accept the database distribution (see
“Database distribution settings”
•
The fabric must have a tolerant or no (absent) fabric-wide consistency policy (see
If the fabric-wide consistency policy for a database is strict, the database cannot be manually
distributed. When you set a strict fabric-wide consistency policy for a database, the distribution
mechanism is automatically invoked whenever the database changes.
•
The local distribution setting must be accepted. To be able to initiate the distribute command,
set the local distribution to accept.
Distributing the local ACL policies
1. Connect to the switch and log in using an account with admin permissions, or an account with
OM permissions for the FabricDistribution RBAC class of commands.
2. Enter the distribute -p command.
Fabric-wide enforcement
The fabric-wide consistency policy enforcement setting determines the distribution behavior when
changes to a policy are activated. Using the tolerant or strict fabric-wide consistency policy ensures
that changes to local ACL policy databases are automatically distributed to other switches in the
fabric.
NOTE
To completely remove all policies from a fabric enter the fddCfg
--
fabwideset "” command.
When you set the fabric-wide consistency policy using the fddCfg command with the
--
fabwideset database_id
option, both the fabric-wide consistency policy and specified database
are distributed to the fabric.The active policies of the specified databases overwrite the
corresponding active and defined policies on the target switches.
Policy changes that are saved but not activated are stored locally until a policy database change is
activated. Activating a policy automatically distributes the Active policy set for that policy type (SCC,
DCC, FCS, or any combination of the three) to the other switches in the fabric.
NOTE
FC routers cannot join a fabric with a strict fabric-wide consistency policy. FC routers do not support
the fabric-wide consistency policies.
describes the fabric-wide consistency settings.